[issue31242] Add SSLContext.set_verify_callback()
Ryan Finnie
report at bugs.python.org
Sun Aug 20 17:49:16 EDT 2017
New submission from Ryan Finnie:
At the moment, SSLContext.verify_mode() allows for three modes when dealing with Purpose.CLIENT_AUTH / server_side=True:
- CERT_NONE (server does not request client certificate, client does not provide it)
- CERT_OPTIONAL (server requests client certificate, raises SSLError if provided but fails verification, continues if not provided)
- CERT_REQUIRED (server requests client certificate, raises SSLError if provided but fails verification, raises SSLError if not provided)
There is currently no way to request a client certificate and manually verify it (or ignore it) if it doesn't pass OpenSSL verification. OpenSSL provides SSL_CTX_set_cert_verify_callback for using a custom callback[0], but this is not exposed in Python.
It would be nice to have a set_verify_callback() method, similar to how set_servername_callback() does it for SSL_CTX_set_tlsext_servername_callback.
[0] https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_verify.html
----------
assignee: christian.heimes
components: SSL
messages: 300607
nosy: christian.heimes, rfinnie
priority: normal
severity: normal
status: open
title: Add SSLContext.set_verify_callback()
type: enhancement
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue31242>
_______________________________________
More information about the Python-bugs-list
mailing list