Commit 5727c7a2 authored by Jim Fulton's avatar Jim Fulton

Added some verification flags suggested by Julien Muchembled

parent fdfc9245
"""SSL configuration support
"""
import os
import sys
def ssl_config(section, server):
import ssl
......@@ -26,6 +27,10 @@ def ssl_config(section, server):
context.verify_mode = ssl.CERT_REQUIRED
if sys.version_info >= (3, 4):
context.verify_flags |= ssl.VERIFY_X509_STRICT | (
context.cert_store_stats()['crl'] and ssl.VERIFY_CRL_CHECK_LEAF)
if server:
context.check_hostname = False
return context
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment