diff options
author | Sándor Oroszi <oroszisam@gmail.com> | 2020-10-12 15:42:23 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-12 08:42:23 -0500 |
commit | 83ef2306a1481e0cf7f53899c390497256711e29 (patch) | |
tree | f27916271dde163143de9d7963805695d3f038b9 /CHANGELOG.rst | |
parent | 43c97767afe7aa1dccefec35946dbc8b9cde73a4 (diff) | |
download | pyopenssl-83ef2306a1481e0cf7f53899c390497256711e29.tar.gz |
Allow using additional untrusted certificates for chain building in X509StoreContext (#948)
The additional certificates provided in the new `chain` parameter will be
untrusted but may be used to build the chain.
This makes it easier to validate a certificate against a store which
contains only root ca certificates, and the intermediates come from e.g.
the same untrusted source as the certificate to be verified.
Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e5f08d2..2ba1f7f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -24,6 +24,9 @@ Deprecations: Changes: ^^^^^^^^ +- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()`` + where additional untrusted certificates can be specified to help chain building. + `#948 <https://github.com/pyca/pyopenssl/pull/948>`_ - Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted certificate file bundles and/or directories for verification. `#943 <https://github.com/pyca/pyopenssl/pull/943>`_ |