Skip to content

Commit 89c354c

Browse files
chrisburrchrisburr
committed
bpo-39342: Expose X509_V_FLAG_ALLOW_PROXY_CERTS as ssl.VERIFY_ALLOW_PROXY_CERTS
1 parent 550e467 commit 89c354c

File tree

4 files changed

+15
-0
lines changed

4 files changed

+15
-0
lines changed

Doc/library/ssl.rst

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -634,6 +634,13 @@ Constants
634634

635635
.. versionadded:: 3.4
636636

637+
.. data:: VERIFY_ALLOW_PROXY_CERTS
638+
639+
Possible value for :attr:`SSLContext.verify_flags` to enables proxy
640+
certificate verification.
641+
642+
.. versionadded:: 3.9
643+
637644
.. data:: VERIFY_X509_TRUSTED_FIRST
638645

639646
Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to

Lib/test/test_ssl.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1305,6 +1305,8 @@ def test_verify_flags(self):
13051305
self.assertEqual(ctx.verify_flags, ssl.VERIFY_CRL_CHECK_CHAIN)
13061306
ctx.verify_flags = ssl.VERIFY_DEFAULT
13071307
self.assertEqual(ctx.verify_flags, ssl.VERIFY_DEFAULT)
1308+
ctx.verify_flags = ssl.VERIFY_ALLOW_PROXY_CERTS
1309+
self.assertEqual(ctx.verify_flags, ssl.VERIFY_ALLOW_PROXY_CERTS)
13081310
# supports any value
13091311
ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_X509_STRICT
13101312
self.assertEqual(ctx.verify_flags,

Misc/NEWS.d/next/Library/2020-01-15-11-15-35.bpo-39342.S8PuJO.rst

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
Expose ``X509_V_FLAG_ALLOW_PROXY_CERTS`` as
2+
:data:`~ssl.VERIFY_ALLOW_PROXY_CERTS` to allow proxy certificate validation
3+
as explained in
4+
https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html.

Modules/_ssl.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6181,6 +6181,8 @@ sslmodule_init_constants(PyObject *m)
61816181
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
61826182
PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
61836183
X509_V_FLAG_X509_STRICT);
6184+
PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS",
6185+
X509_V_FLAG_ALLOW_PROXY_CERTS);
61846186
#ifdef X509_V_FLAG_TRUSTED_FIRST
61856187
PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST",
61866188
X509_V_FLAG_TRUSTED_FIRST);

0 commit comments

Comments
 (0)