[pyOpenSSL] Missing API for client authentication renegotiation
Emmanuel Raviart
eraviart at entrouvert.com
Sun Dec 19 09:54:23 CET 2004
Hello,
I'm using PyOpenSSL to develop a free software implementation of the
Liberty Alliance single sign-on protocol.
http://lasso.entrouvert.org/souk
It works very well, but to improve client authentication, I need to
renegotiate client verify mode after the SSL connection is established.
So, I would like to transpose the following C code into Python:

    SSL_set_verify(ssl, SSL_VERIFY_PEER |
                   SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
    /* Stop the client from just resuming the
       un-authenticated session */
    SSL_set_session_id_context(ssl,
        (void *)&s_server_auth_session_id_context,
        sizeof(s_server_auth_session_id_context));
    SSL_renegotiate(ssl);
    SSL_do_handshake(ssl);
    ssl->state = SSL_ST_ACCEPT;
    SSL_do_handshake(ssl);

[This code fragment is taken from wserver2.c sample code by Eric
Rescorla <http://www.rtfm.com/openssl-examples/>]
But I didn't find in PyOpenSSL a way to:
- call SSL_set_verify
- change ssl->state without using SSL_set_accept_state
Is this a missing feature of PyOpenSSL? Is there another way to
implement client authentication renegotiation?
Regards,
Emmanuel Raviart
--
Lasso (Liberty Alliance Single Sign-On) -- http://lasso.entrouvert.org
Entr'ouvert -- www.entrouvert.com