gh-109109: Expose retrieving certificate chains in SSL module

[matiuszka]

This is fix for: #109109

Thanks to that we have documented and exposed Python API for retrieving certificate chains that are mandatory to perform OCSP revocation checks.

---

📚 Documentation preview 📚: https://cpython-previews--109113.org.readthedocs.build/

• Issue: ssl.SSLObject and ssl.SSLSocket should expose method to get certificate chain #109109

[ghost]

All commit authors signed the Contributor License Agreement.

[bedevere-bot]

Most changes to Python require a NEWS entry.

Please add it using the blurb_it web app or the blurb command-line tool.

[bedevere-bot]

Most changes to Python require a NEWS entry.

Please add it using the blurb_it web app or the blurb command-line tool.

[bedevere-bot]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[bedevere-bot]

Most changes to Python require a NEWS entry.

Please add it using the blurb_it web app or the blurb command-line tool.

[bedevere-bot]

Most changes to Python require a NEWS entry.

Please add it using the blurb_it web app or the blurb command-line tool.

[matiuszka]

I have made the requested changes; please review again

[bedevere-bot]

Thanks for making the requested changes!

@gpshead: please review the changes made to this pull request.

[bedevere-bot]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

[bedevere-app]

Most changes to Python require a NEWS entry.

Please add it using the blurb_it web app or the blurb command-line tool.

[gpshead]

overall the code for this is in good shape, I'm down to picking on the documentation now. :)

Don't worry about the NEWS entry that our bot is pinging about, I'll add an appropriate one before merging.

[bedevere-app]

Most changes to Python require a NEWS entry.

Please add it using the blurb_it web app or the blurb command-line tool.

[bedevere-app]

Most changes to Python require a NEWS entry.

Please add it using the blurb_it web app or the blurb command-line tool.

[bedevere-bot]

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot s390x RHEL7 LTO + PGO 3.x has failed when building commit 5a740cd.

What do you need to do:

1. Don't panic.
2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
3. Go to the page of the buildbot that failed (https://buildbot.python.org/all/#builders/244/builds/5472) and take a look at the build logs.
4. Check if the failure is related to this commit (5a740cd) or if it is a false positive.
5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/all/#builders/244/builds/5472

Failed tests:

• test.test_asyncio.test_subprocess

Failed subtests:

• test_subprocess_consistent_callbacks - test.test_asyncio.test_subprocess.SubprocessThreadedWatcherTests.test_subprocess_consistent_callbacks

Summary of the results of the build (if available):

==

Click to see traceback logs

Traceback (most recent call last): File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel-z.lto-pgo/build/Lib/test/test_asyncio/test_subprocess.py", line 788, in test_subprocess_consistent_callbacksself.loop.run_until_complete(main()) File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel-z.lto-pgo/build/Lib/asyncio/base_events.py", line 664, in run_until_completereturn future.result() ^^^^^^^^^^^^^^^ File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel-z.lto-pgo/build/Lib/test/test_asyncio/test_subprocess.py", line 780, in mainself.assertEqual(events, [ AssertionError: Lists differ: [('pi[29 chars]t'), 'pipe_connection_lost', ('pipe_data_recei[57 chars]ted'] != [('pi[29 chars]t'), ('pipe_data_received', 2, b'stderr'), 'pi[57 chars]ted']

[bedevere-bot]

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot s390x RHEL7 LTO 3.x has failed when building commit 5a740cd.

What do you need to do:

1. Don't panic.
2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
3. Go to the page of the buildbot that failed (https://buildbot.python.org/all/#builders/402/builds/5425) and take a look at the build logs.
4. Check if the failure is related to this commit (5a740cd) or if it is a false positive.
5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/all/#builders/402/builds/5425

Failed tests:

• test.test_asyncio.test_subprocess

Failed subtests:

• test_subprocess_consistent_callbacks - test.test_asyncio.test_subprocess.SubprocessThreadedWatcherTests.test_subprocess_consistent_callbacks

Summary of the results of the build (if available):

==

Click to see traceback logs

Traceback (most recent call last): File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel-z.lto/build/Lib/test/test_asyncio/test_subprocess.py", line 788, in test_subprocess_consistent_callbacksself.loop.run_until_complete(main()) File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel-z.lto/build/Lib/asyncio/base_events.py", line 664, in run_until_completereturn future.result() ^^^^^^^^^^^^^^^ File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel-z.lto/build/Lib/test/test_asyncio/test_subprocess.py", line 780, in mainself.assertEqual(events, [ AssertionError: Lists differ: ['process_exited', ('pipe_data_received', 1, b'stdout')] != [('pipe_data_received', 1, b'stdout'), ('p[95 chars]ted']

[bedevere-bot]

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot AMD64 Debian root 3.x has failed when building commit 5a740cd.

What do you need to do:

1. Don't panic.
2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
3. Go to the page of the buildbot that failed (https://buildbot.python.org/all/#builders/345/builds/5873) and take a look at the build logs.
4. Check if the failure is related to this commit (5a740cd) or if it is a false positive.
5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/all/#builders/345/builds/5873

Failed tests:

• test.test_multiprocessing_forkserver.test_processes

Summary of the results of the build (if available):

==

Click to see traceback logs

remote: Enumerating objects: 12, done. remote: Counting objects: 8% (1/12) remote: Counting objects: 16% (2/12) remote: Counting objects: 25% (3/12) remote: Counting objects: 33% (4/12) remote: Counting objects: 41% (5/12) remote: Counting objects: 50% (6/12) remote: Counting objects: 58% (7/12) remote: Counting objects: 66% (8/12) remote: Counting objects: 75% (9/12) remote: Counting objects: 83% (10/12) remote: Counting objects: 91% (11/12) remote: Counting objects: 100% (12/12) remote: Counting objects: 100% (12/12), done. remote: Compressing objects: 8% (1/12) remote: Compressing objects: 16% (2/12) remote: Compressing objects: 25% (3/12) remote: Compressing objects: 33% (4/12) remote: Compressing objects: 41% (5/12) remote: Compressing objects: 50% (6/12) remote: Compressing objects: 58% (7/12) remote: Compressing objects: 66% (8/12) remote: Compressing objects: 75% (9/12) remote: Compressing objects: 83% (10/12) remote: Compressing objects: 91% (11/12) remote: Compressing objects: 100% (12/12) remote: Compressing objects: 100% (12/12), done. remote: Total 12 (delta 0), reused 5 (delta 0), pack-reused 0  From https://github.com/python/cpython * branch main -> FETCH_HEAD Note: switching to '5a740cd06ec1191767edcc6d3a7d5eca7873cb7b'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this state without impacting any branches by switching back to a branch. If you want to create a new branch to retain commits you create, you may do so (now or later) by using -c with the switch command. Example: git switch -c <new-branch-name> Or undo this operation with: git switch - Turn off this advice by setting config variable advice.detachedHead to false HEAD is now at 5a740cd06e gh-109109: Expose retrieving certificate chains in SSL module (#109113) Switched to and reset branch 'main' configure: WARNING: pkg-config is missing. Some dependencies may not be detected correctly. Kill <WorkerThread #2 running test=test_cmd_line pid=3763074 time=3.2 sec> process group make: *** [Makefile:2034: buildbottest] Error 5

[bedevere-bot]

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot s390x RHEL8 LTO 3.x has failed when building commit 5a740cd.

What do you need to do:

1. Don't panic.
2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
3. Go to the page of the buildbot that failed (https://buildbot.python.org/all/#builders/567/builds/4926) and take a look at the build logs.
4. Check if the failure is related to this commit (5a740cd) or if it is a false positive.
5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/all/#builders/567/builds/4926

Failed tests:

• test.test_asyncio.test_subprocess

Failed subtests:

• test_subprocess_consistent_callbacks - test.test_asyncio.test_subprocess.SubprocessThreadedWatcherTests.test_subprocess_consistent_callbacks

Summary of the results of the build (if available):

==

Click to see traceback logs

Traceback (most recent call last): File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel8-z.lto/build/Lib/test/test_asyncio/test_subprocess.py", line 788, in test_subprocess_consistent_callbacksself.loop.run_until_complete(main()) File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel8-z.lto/build/Lib/asyncio/base_events.py", line 664, in run_until_completereturn future.result() ^^^^^^^^^^^^^^^ File "/home/dje/cpython-buildarea/3.x.edelsohn-rhel8-z.lto/build/Lib/test/test_asyncio/test_subprocess.py", line 780, in mainself.assertEqual(events, [ AssertionError: Lists differ: ['process_exited', ('pipe_data_received', 1, b'stdout')] != [('pipe_data_received', 1, b'stdout'), ('p[95 chars]ted']