Allow using additional untrusted certificates for chain building in X509StoreContext (#948)

The additional certificates provided in the new `chain` parameter will be untrusted but may be used to build the chain. This makes it easier to validate a certificate against a store which contains only root ca certificates, and the intermediates come from e.g. the same untrusted source as the certificate to be verified. Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
author: Sándor Oroszi <oroszisam@gmail.com> 2020-10-12 15:42:23 +0200
committer: GitHub <noreply@github.com> 2020-10-12 08:42:23 -0500
commit: 83ef2306a1481e0cf7f53899c390497256711e29 (patch)
tree: f27916271dde163143de9d7963805695d3f038b9 /CHANGELOG.rst
parent: 43c97767afe7aa1dccefec35946dbc8b9cde73a4 (diff)
download: pyopenssl-83ef2306a1481e0cf7f53899c390497256711e29.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index e5f08d2..2ba1f7f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -24,6 +24,9 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``
+  where additional untrusted certificates can be specified to help chain building.
+  `#948 <https://github.com/pyca/pyopenssl/pull/948>`_
 - Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted
   certificate file bundles and/or directories for verification.
   `#943 <https://github.com/pyca/pyopenssl/pull/943>`_
author	Sándor Oroszi <oroszisam@gmail.com>	2020-10-12 15:42:23 +0200
committer	GitHub <noreply@github.com>	2020-10-12 08:42:23 -0500
commit	83ef2306a1481e0cf7f53899c390497256711e29 (patch)
tree	f27916271dde163143de9d7963805695d3f038b9 /CHANGELOG.rst
parent	43c97767afe7aa1dccefec35946dbc8b9cde73a4 (diff)
download	pyopenssl-83ef2306a1481e0cf7f53899c390497256711e29.tar.gz