verifying ssl certificates
Gerhard Häring
gh_pythonlist at gmx.de
Wed Apr 3 05:34:24 EST 2002
* Paul Rubin <phr-n2002a at nightsong.com> [2002-04-02 19:05 -0800]:
> "Christopher N. Deckard" <cnd at ecn.purdue.edu> writes:
> > In other words:
> >
> > import socket
> >
> > cert = open('my_cert')
> > s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
> > s.connect(('host', 'port'))
> > ss = ssl(s, cert, None)
> >
> > That last line being the key. Does that do the certificate
> > validation?
I'd recommend not using the standard Python SSL for security-critical
applications at this point. Lots of bugs have been fixed, but it's not very
good by design.
> I'm not familiar with how the socket module does ssl, but if ssl() is
> supposed to do an SSL session negotiation, then yes, it should check
> the cert.
It should; however, it doesn't check the certificates at all (Modules/_ssl.c):
    SSL_CTX_set_verify(self->ctx,
                       SSL_VERIFY_NONE, NULL); /* set verify lvl */
Gerhard
--
This sig powered by Python!
Außentemperatur in München: 15.4 °C Wind: 5.9 m/s
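
Added example, not part of the original message or of Python's source: a check for the condition the reply points out (a handshake configured with SSL_VERIFY_NONE), written against the `ssl` module of current Python 3 rather than the `socket.ssl` call discussed in the thread. The function names are hypothetical, and `open_verified` assumes the caller supplies a reachable host and port.

```python
import socket
import ssl


def verification_gaps(ctx):
    """List the reasons this client SSLContext would accept an unverified peer."""
    gaps = []
    # ssl.CERT_NONE is the Python-level name for OpenSSL's SSL_VERIFY_NONE:
    # the handshake completes whatever certificate the server presents.
    if ctx.verify_mode == ssl.CERT_NONE:
        gaps.append("verify_mode is CERT_NONE: certificate chain is not checked")
    # Chain validation alone is not enough; without the hostname check any
    # certificate issued by a trusted CA for some other name is accepted.
    if not ctx.check_hostname:
        gaps.append("check_hostname is off: certificate name is not checked")
    return gaps


def unverified_context():
    """Context equivalent to the SSL_VERIFY_NONE call quoted in the thread."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile=None):
    """Context that requires a valid chain and a matching hostname."""
    # With cafile=None the system trust store is used.
    return ssl.create_default_context(cafile=cafile)


def open_verified(host, port, ctx=None):
    """Connect with TLS, refusing any context that skips verification."""
    ctx = ctx or verified_context()
    gaps = verification_gaps(ctx)
    if gaps:
        raise ValueError("refusing to connect: " + "; ".join(gaps))
    raw = socket.create_connection((host, port), timeout=10)
    try:
        # server_hostname drives both SNI and the hostname check.
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
```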