[Python-Dev] SSL Certificate Validation

Devin Cook devin.c.cook at gmail.com
Tue Jun 16 16:09:11 CEST 2009


Hi all,

I have a few questions about validating SSL certificates. From what I
gather, this validation occurs in the OpenSSL code called from _ssl.c. Is
this correct?

Also, I have looked through the docs and code, but haven't been able to
figure out exactly what is included in certificate "validation". Is it just
validating the chain? Does it check the NotBefore and NotAfter dates? Does
it check that the host the socket is connected to is the same as what's
given in the CN field in the certificate?

Where I'm going with this is I think all this checking needs to be part of
certificate validation in the ssl module. If it isn't yet, I'd be happy to
work on a patch for it. Please let me know what you think.

Thanks!
-Devin Cook
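
The two checks the message asks about beyond chain validation (the NotBefore/NotAfter window and the host name against the certificate's names), as an added example that is not part of the original message or of the ssl module's own code. It assumes the chain has already been verified and that the certificate is in the dict form returned by `getpeercert()`; `hostname_matches`, `check_peer_cert` and `SAMPLE_CERT` are hypothetical names, and the sample certificate is constructed.

```python
import ssl
import time

def hostname_matches(pattern, hostname):
    """Case-insensitive label-by-label match.

    A '*' is honoured only as the entire left-most label and never directly
    under a top-level domain. IP addresses and partial wildcards such as
    'w*.example.org' are not handled in this sketch.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def check_peer_cert(cert, hostname, now=None):
    """Return a list of failure strings; an empty list means both checks passed."""
    now = time.time() if now is None else now
    problems = []
    # Validity window: the certificate's date strings are converted to epoch seconds.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # Prefer subjectAltName DNS entries; use the subject CN only when there are none.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(hostname_matches(n, hostname) for n in names):
        problems.append("hostname mismatch")
    return problems

# Constructed sample in the shape of a getpeercert() result (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.api.example.org")),
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2010 GMT",
}
```

Current Python versions perform the hostname check themselves when `SSLContext.check_hostname` is enabled, as `ssl.create_default_context()` does.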