ssl server: how to disable client cert verification?

Kushal Kumaran kushal at locationd.net
Thu Feb 3 14:32:45 EST 2022


On Thu, Feb 03 2022 at 10:57:56 AM, Grant Edwards <grant.b.edwards at gmail.com> wrote:
> I've got a small ssl server app. I want to require a certificate from
> the client, so I'm using a context with
>
> context.verify_mode = ssl.CERT_REQUIRED
>
> But, I want all certificates accepted. How do I disable client
> certificate verification?
>

Perhaps you can explain what your goal is.  Which kinds of client
certificates do you want to permit (to the best of my knowledge, none of
these can be actually allowed):

- expired certificates

- self-signed certificates

- certificates signed by untrusted CA

- completely garbage certificates (bad signature, etc.)

I don't see what benefit you expect from requiring client certificates
if you don't care what the certificate says.  Why not simply set
verify_mode to SSL_NONE and use other authentication mechanisms?

-- 
regards,
kushal

