Getting SSL certificate
Stuart D. Gathman
stuart at bmsi.com
Sun Nov 10 21:32:06 EST 2002
On Sun, 10 Nov 2002 02:49:52 -0500, Martin v. Loewis wrote:
> While that might be the case, I don't really see the need for that. If
> you expose SSL_get_verify_result, your application would work, right?
>
> If you provide a patch that exposes both (get_verify_result, and
> server_cert), this would be most appreciated.
You are correct. I have to provide a proof of concept demo by the 15th -
so I will go ahead and use python, glossing over the lack of actual
certificate verification for the demo. I am confident now that I can
patch socketmodule.c to provide the needed functionality later. This is
for a business EDI application, and the PHB believes that it must already
be secure because it uses SSL - so the lack of authentication won't be
noticed for the demo. He simply does not understand how you could be
talking to the wrong party if it's encrypted.
--
Stuart D. Gathman <stuart at bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
More information about the Python-list
mailing list