Message 281237 - Python tracker

Message281237

Author	steve.dower
Recipients	christian.heimes, ned.deily, steve.dower
Date	2016-11-20.00:44:42
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1479602682.63.0.483594270933.issue28747@psf.upfronthosting.co.za>
In-reply-to

Content
When I was stepping through, this callback avoided all of those lookups, so I don't understand how it's being called too late? This approach basically takes the entire raw certificate and lets the OS do whatever it needs. OpenSSL doesn't ever have to crack it open at all (or at least when it does, it can assume the whole chain is trusted). What am I missing here? I've got no doubt I'm missing something, as OpenSSL is possibly the most complicated code I've ever seen :)

Content

When I was stepping through, this callback avoided all of those lookups, so I don't understand how it's being called too late?

This approach basically takes the entire raw certificate and lets the OS do whatever it needs. OpenSSL doesn't ever have to crack it open at all (or at least when it does, it can assume the whole chain is trusted).

What am I missing here? I've got no doubt I'm missing something, as OpenSSL is possibly the most complicated code I've ever seen :)

History
Date	User	Action	Args
2016-11-20 00:44:42	steve.dower	set	recipients: + steve.dower, christian.heimes, ned.deily
2016-11-20 00:44:42	steve.dower	set	messageid: <1479602682.63.0.483594270933.issue28747@psf.upfronthosting.co.za>
2016-11-20 00:44:42	steve.dower	link	issue28747 messages
2016-11-20 00:44:42	steve.dower	create