[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
Bill Janssen
report at bugs.python.org
Thu Dec 13 19:10:26 CET 2007
Bill Janssen added the comment:
The mechanism is there for direct use of the SSL module, yes. But the
question is, what should indirect usage, like the httplib or urllib modules,
do? If they are going to check hostnames on use of an https: URL, they need
some way to pass a ca_certs file through to the SSL code they use.
Bill
On Dec 13, 2007 7:14 AM, Andreas Hasenack <report at bugs.python.org> wrote:
>
> Andreas Hasenack added the comment:
>
> > do it automatically. Unfortunately, that means that client-side certificate
> > verification has to be done (it's pointless to look at the data in
> > unverified certificates), and that means that the client software has to
> > have an appropriate collection of root certificates to verify against. I
>
> But the current API already has this feature:
> ssl_sock = ssl.wrap_socket(s, ca_certs="/etc/pki/tls/rootcerts/%s" % cert,
> cert_reqs=ssl.CERT_REQUIRED)
>
> So this is already taken care of with ca_certs and cert_reqs, right?
>
> __________________________________
> Tracker <report at bugs.python.org>
> <http://bugs.python.org/issue1589>
> __________________________________
>
Added file: http://bugs.python.org/file8941/unnamed
__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue1589>
__________________________________
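The check this issue asks for, sketched as an added example (not code from the thread or from the Python ssl module): matching a hostname against the dict that `getpeercert()` returns after a `CERT_REQUIRED` handshake. The function names and the sample certificates are constructed for illustration, and only DNS names are handled.

```python
# Added example: hostname check over a getpeercert()-style dict.
# Helper names and sample certificates are constructed for illustration.

def _label_match(pattern, hostname):
    """Match one DNS name; '*' may only be the entire left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # The wildcard covers exactly one label and needs two more after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def hostname_matches_cert(cert, hostname):
    """Return True if hostname is covered by the verified certificate dict."""
    if not cert:
        # getpeercert() returns {} when the peer certificate was not
        # validated (cert_reqs=CERT_NONE); unverified data is never trusted.
        return False
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_names:
        # Fall back to commonName only when no DNS subjectAltName is present.
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns_names.append(value)
    return any(_label_match(name, hostname) for name in dns_names)


# Constructed sample certificates in the shape getpeercert() returns.
CN_ONLY = {"subject": ((("commonName", "bugs.example.org"),),)}
WITH_SAN = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
}
```

In current Python, `ssl.create_default_context()` sets `CERT_REQUIRED` and `check_hostname` and loads the system root certificates, so indirect users such as `http.client` get this check without passing `ca_certs` themselves.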