@@ -878,8 +878,16 @@ mod _ssl {
878878 let certs = ctx. cert_store ( ) . all_certificates ( ) ;
879879 #[ cfg( not( ossl300) ) ]
880880 let certs = ctx. cert_store ( ) . objects ( ) . iter ( ) . filter_map ( |x| x. x509 ( ) ) ;
881+
882+ // Filter to only include CA certificates (Basic Constraints: CA=TRUE)
881883 let certs = certs
882884 . into_iter ( )
885+ . filter ( |cert| {
886+ unsafe {
887+ // X509_check_ca() returns 1 for CA certificates
888+ X509_check_ca ( cert. as_ptr ( ) ) == 1
889+ }
890+ } )
883891 . map ( |ref cert| cert_to_py ( vm, cert, binary_form) )
884892 . collect :: < Result < Vec < _ > , _ > > ( ) ?;
885893 Ok ( certs)
@@ -1727,6 +1735,12 @@ mod _ssl {
17271735 unsafe impl Sync for PySslMemoryBio { }
17281736
17291737 // OpenSSL functions not in openssl-sys
1738+
1739+ unsafe extern "C" {
1740+ // X509_check_ca returns 1 for CA certificates, 0 otherwise
1741+ fn X509_check_ca ( x : * const sys:: X509 ) -> libc:: c_int ;
1742+ }
1743+
17301744 unsafe extern "C" {
17311745 fn SSL_get_ciphers ( ssl : * const sys:: SSL ) -> * const sys:: stack_st_SSL_CIPHER ;
17321746 }
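Review bot: The `== 1` test in the new `.filter` closure is narrower than what `X509_check_ca` reports: OpenSSL documents 0 for a non-CA certificate and several non-zero values for certificates it accepts as CAs (1 for basicConstraints CA:TRUE, 3 for a self-signed X509v1 certificate, 4 for keyCertSign without basicConstraints, 5 for the legacy Netscape certificate type). As written, a v1 self-signed root in the store is silently left out of the result, and CPython's `_ssl` appears to treat any non-zero return as a CA, so the two would diverge; consider `X509_check_ca(cert.as_ptr()) != 0`, or keep `== 1` deliberately and state the reason in the comment above the filter. The comment on the extern declaration (`returns 1 for CA certificates, 0 otherwise`) should be corrected to match, e.g. `// returns 0 for a non-CA certificate, non-zero (1, 3, 4 or 5) for the CA kinds OpenSSL recognises`. The `unsafe` block would also benefit from a `// SAFETY:` line stating that `cert` is a live X509 borrowed from the store for the duration of the call. The enclosing function begins and ends outside the visible hunk.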