Revision - e257574 - bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. [...]

Staging
v0.8.1

Revision e25757408dc22561af9f9589c2c7e2a2fbb66ee4 authored by Ned Deily on 12 June 2018, 01:44:58 UTC, committed by GitHub on 12 June 2018, 01:44:58 UTC

bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530) (GH-7652)

The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.

1 parent 2023eaf

Files
Changes

Permalinks

codecov.yml

codecov:
  strict_yaml_branch: master
  notify:
    require_ci_to_pass: true
comment: off
ignore:
  - "Doc/**/*"
  - "Misc/*"
  - "Mac/**/*"
  - "PC/**/*"
  - "PCbuild/**/*"
  - "Tools/**/*"
  - "Grammar/*"
coverage:
  precision: 2
  range:
  - 70.0
  - 100.0
  round: down
  status:
    changes: off
    project: off
    patch:
      default:
        target: 100%
        only_pulls: true
        threshold: 0.05
parsers:
  gcov:
    branch_detection:
      conditional: true
      loop: true
      macro: false
      method: false
  javascript:
    enable_partials: false

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...