bad certificate error
Gabriel Genellina
gagsl-py2 at yahoo.com.ar
Wed Jul 29 02:08:19 EDT 2009
On Tue, 28 Jul 2009 09:02:40 -0300, Steven D'Aprano
<steve at remove-this-cybersource.com.au> wrote:
> On Mon, 27 Jul 2009 23:16:39 -0300, Gabriel Genellina wrote:
>
>> I don't see the point in "fixing" either the Python script or httplib to
>> accommodate for an invalid server certificate... If it's just for
>> internal testing, I'd use HTTP instead (at least until the certificate
>> is fixed).
>
> In real life, sometimes you need to drive with bad brakes on your car,
> walk down dark alleys in the bad part of town, climb a tree without a
> safety line, and use a hammer without wearing goggles. We can do all
> these things.
>
> The OP has said that, for whatever reason, he needs to ignore a bad
> server certificate when connecting to HTTPS. Python is a language where
> developers are allowed to shoot themselves in the foot, so long as they
> do so in full knowledge of what they're doing.
>
> So, putting aside all the millions of reasons why the OP shouldn't accept
> an invalid certificate, how can he accept an invalid certificate?

Yes, I understand the situation, but I'm afraid there is no way (that I
know of). At least not without patching _ssl.c; all the SSL negotiation is
handled by the OpenSSL library itself.

I vaguely remember a pure Python SSL implementation somewhere that perhaps
could be hacked to bypass all controls. But making it work properly will
probably require a lot more effort than installing a self-signed
certificate in the server...

--
Gabriel Genellina