changeset: 89952:0485552b487e parent: 89950:3047db8f6126 parent: 89951:6f776c91da08 user: Donald Stufft date: Mon Mar 24 19:28:08 2014 -0400 files: Misc/NEWS description: Merge in 3.4 to bring forward the Issue #21043 changes. diff -r 3047db8f6126 -r 0485552b487e Doc/library/ssl.rst --- a/Doc/library/ssl.rst Mon Mar 24 22:25:39 2014 +0000 +++ b/Doc/library/ssl.rst Mon Mar 24 19:28:08 2014 -0400 @@ -1339,20 +1339,9 @@ certificate, you need to provide a "CA certs" file, filled with the certificate chains for each issuer you are willing to trust. Again, this file just contains these chains concatenated together. For validation, Python will use the first -chain it finds in the file which matches. Some "standard" root certificates are -available from various certification authorities: `CACert.org -`_, `Thawte -`_, `Verisign -`_, `Positive SSL -`_ -(used by python.org), `Equifax and GeoTrust -`_. - -In general, if you are using SSL3 or TLS1, you don't need to put the full chain -in your "CA certs" file; you only need the root certificates, and the remote -peer is supposed to furnish the other certificates necessary to chain from its -certificate to a root certificate. See :rfc:`4158` for more discussion of the -way in which certification chains can be built. +chain it finds in the file which matches. The platform's certificates file can +be used by calling :meth:`SSLContext.load_default_certs`, this is done +automatically with :func:`.create_default_context`. Combined key and certificate ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff -r 3047db8f6126 -r 0485552b487e Misc/NEWS --- a/Misc/NEWS Mon Mar 24 22:25:39 2014 +0000 +++ b/Misc/NEWS Mon Mar 24 19:28:08 2014 -0400 @@ -104,6 +104,9 @@ Documentation ------------- +- Issue #21043: Remove the recommendation for specific CA organizations and to + mention the ability to load the OS certificates. + - Issue #20765: Add missing documentation for PurePath.with_name() and PurePath.with_suffix().