ssl server: how to disable client cert verfication?
Grant Edwards
grant.b.edwards at gmail.com
Fri Feb 4 14:46:15 EST 2022
On 2022-02-04, Dieter Maurer <dieter at handshake.de> wrote:
> Grant Edwards wrote at 2022-2-3 14:36 -0800:
>>On 2022-02-03, Barry <barry at barrys-emacs.org> wrote:
>> ...
>>I've looked through the ssl.Context documentation multiple times, and
>>haven't been able to spot any option or flag that disables client
>>certificate validation or allows the user to override the actual
>>client certificate validation process.
>
> Note that Python does not do the certificate validation itself
> but delegates this to the underlying SSL library.
> Thus, this library would need to support your use case.
> It may not as your scenario is quite special.
The corresponding scenario is easily supported for the client
side. Even "openssl s_client" offers the option to ignore cert
validation failures and print the cert anyway. It seems odd that
s_server can't do the same.
--
Grant
More information about the Python-list
mailing list