ssl server: how to disable client cert verification?

Grant Edwards grant.b.edwards at gmail.com
Thu Feb 3 17:36:25 EST 2022


On 2022-02-03, Barry <barry at barrys-emacs.org> wrote:
>
>> [...] I just want to require that the client provide a certificate
>> and then print it out using print(connection.getpeercert())
>
> I am not near the pc with the code on. But in outline you provide a
> ssl context that returns true for the validation of the cert always.

I thought that was what I was asking.

How do you create an ssl context that requests a client certificate
but then treats any received client certificate as valid?

I've looked through the ssl.Context documentation multiple times, and
haven't been able to spot any option or flag that disables client
certificate validation or allows the user to override the actual
client certificate validation process.

> You also get to have x509 cert in your hands. I use pyopenssl to
> play with x.509 certs.

I don't have any problem getting and printing the certificate once the
connection is established. The problem is preventing the handshake
from failing when the client certificate isn't valid and signed by a
CA provided to the context with .load_verify_locations().

> Let me know if this is not enough info and I will dig out the code I
> have that does this custom cert stuff.

--
Grant
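
The approach Barry outlines above, as an added example that is not part of the original thread: with pyOpenSSL (assumed installed), a verify callback that always returns True lets the server request a client certificate and finish the handshake even when chain validation fails. The throwaway self-signed certificates, the names and the in-memory handshake are constructed for illustration; a certificate accepted this way is unauthenticated until the application checks it itself, for example against a pinned fingerprint.

```python
from OpenSSL import SSL, crypto

def self_signed(cn):
    """Constructed test identity: throwaway key plus self-signed cert."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = cn
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return key, cert

def make_ctx(key, cert):
    ctx = SSL.Context(SSL.TLS_METHOD)
    ctx.use_certificate(cert)
    ctx.use_privatekey(key)
    return ctx

def handshake_accepting_any_client_cert():
    """Return (client cert seen by server, verify errors OpenSSL reported)."""
    errors = []
    def accept_any(conn, x509, errnum, depth, ok):
        if not ok:
            errors.append(errnum)  # record why OpenSSL would have refused
        return True                # but let the handshake continue anyway
    sctx = make_ctx(*self_signed("server.example"))
    # Request a client cert; fail only if the client sends none at all.
    sctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, accept_any)
    cctx = make_ctx(*self_signed("untrusted-client"))  # test client, VERIFY_NONE
    server, client = SSL.Connection(sctx, None), SSL.Connection(cctx, None)
    server.set_accept_state()
    client.set_connect_state()
    done = {"client": False, "server": False}
    while not all(done.values()):  # shuttle records between the memory BIOs
        for name, conn, peer in (("client", client, server), ("server", server, client)):
            try:
                conn.do_handshake()
                done[name] = True
            except SSL.WantReadError:
                pass
            try:
                peer.bio_write(conn.bio_read(65536))
            except SSL.WantReadError:
                pass
    return server.get_peer_certificate(), errors
```

The returned X509 object offers `digest("sha256")` for comparison against an allow-list, and the `errors` list shows which validation failures the callback overrode.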

