[Patches] [ python-Patches-810754 ] socket.ssl should check certificates
SourceForge.net
noreply at sourceforge.net
Sun Oct 26 11:47:48 EST 2003
Patches item #810754, was opened at 2003-09-22 20:30
Message generated for change (Comment added) made by loewis
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=810754&group_id=5470
Category: Modules
Group: Python 2.2.x
>Status: Closed
>Resolution: Rejected
Priority: 5
Submitted By: Damjan Georgievski (gdamjan)
Assigned to: Martin v. Löwis (loewis)
Summary: socket.ssl should check certificates
Initial Comment:
I've decided to post here the patch proposed by Ed
Phillips, since I think it's a simple addition to the
socket.ssl that will drastically increase its
usefulness... The point of the patch is for a
socket.ssl object to check the certificate received by
the peer.
http://mail.python.org/pipermail/python-list/2003-July/174933.html
----------------------------------------------------------------------
>Comment By: Martin v. Löwis (loewis)
Date: 2003-10-26 17:47
Message:
I think you are misinterpreting the purpose of the key_file
and cert_file arguments. They do *not* indicate the
certificate of the trusted CAs, but provide the key and
certificate of the *client*. By re-interpreting the
cert_file as the file of the trusted CAs, you break
client-side authentication. Therefore, I reject this patch.
That said, I do agree that checking server-side certificates
is a useful thing, so I encourage you to provide a new patch
which does that, e.g. by adding a certificate_chain_file
argument (or some such).
----------------------------------------------------------------------
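The distinction drawn in the comment above, as an added example that is not part of the original tracker item or of the proposed patch. It uses the modern `ssl` module rather than the `socket.ssl` call discussed here, and the function and parameter names (`build_client_context`, `ca_file`, `client_cert`, `client_key`, `verifies_server`, `connect_verified`) are hypothetical.

```python
import socket
import ssl


def build_client_context(ca_file=None, client_cert=None, client_key=None):
    """Build a client TLS context in which trust anchors and the client's
    own identity are supplied through separate parameters (hypothetical names)."""
    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED and hostname checking on.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    # Trust anchors: the CAs used to validate the certificate the *server* sends.
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()

    # Client identity: the certificate and key *we* present if the server asks.
    # Loading these adds nothing to the set of trusted CAs.
    if client_cert is not None:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def verifies_server(ctx):
    """True only if the context rejects unverified or misnamed peers."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def connect_verified(host, port, ctx):
    """Open a TLS connection (needs network access); the handshake raises
    ssl.SSLCertVerificationError if the server certificate does not validate."""
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()
```
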