Please backport pyopnessl 16.2.0 to Jessie
The current version of pyopenssl in jessie-backports has a bug which
makes it impossible to check the signature algorithm a certificate
uses. Upstream fixed the bug in 16.1.0  and since stretch has 16.2.0
simply backporting this version should fix the problem.
According to the upstream changelog there have only been bug fixes and
no breaking changes (besides dropping support for ancient openssl 0.9.8)
since 16.0.0, which is the current version in jessie-backports.
Thanks in advance!
 .. https://github.com/pyca/pyopenssl/commit/39ea5314e738ffb6455afe1df2e99f69a2aeb465