This mailing list is for dealing with the Python Cryptographic
Authority family of libraries, so we're not really in a position to
provide support for the Python stdlib modules. For that you want
something like https://discuss.python.org/.

That said, if you really want this to apply to _all_ X.509 validation
for TLS connections, your best bet is probably to monkeypatch
https://docs.python.org/3/library/ssl.html#ssl.create_default_context
to return a context with your verify callback.

Alex

On Fri, Jan 7, 2022 at 1:13 PM Edward Tsang via Cryptography-dev
<cryptography-dev@python.org> wrote:
>
> Is it possible to change the behavior of how standard Python verifies X509
> certificates? The background is that I want to filter, ignore and log some
> of the X509 certificate validation errors. I would like to apply this universally,
> for the Python standard library includes multiple modules that provide HTTP
> client functionality, including httplib, urllib, urllib2, and xmlrpclib. Does
> Python offer a way for users to customize certificate verification
> behavior? Can anyone point out how to do this or link to any project that is
> doing that?
>
> As per the OpenSSL docs, we can do that:
> https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_CTX_verify_cb.html
> We can customize the certificate verify callback with this:
>
> void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
>                                    X509_STORE_CTX_verify_cb verify_cb);
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev@python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev



-- 
All that is necessary for evil to succeed is for good people to do nothing.
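
An added example, not part of the original thread or of any PyCA library: one way to apply the monkeypatch suggested above using only the stdlib. The stdlib `ssl` module does not expose OpenSSL's verify callback, so this sketch hooks the handshake through the documented `sslsocket_class` attribute instead, logs each verification failure and re-raises it; the names `LoggingSSLSocket`, `describe_failure`, `logging_context_factory`, `install` and `uninstall` are assumptions made for illustration.

```python
import logging
import ssl

log = logging.getLogger("tls.verify")
ORIGINAL_FACTORY = ssl.create_default_context
ORIGINAL_HTTPS_FACTORY = ssl._create_default_https_context


def describe_failure(exc, hostname):
    """Turn a verification error into a loggable record."""
    return {
        "host": hostname,
        "code": getattr(exc, "verify_code", None),
        "reason": getattr(exc, "verify_message", str(exc)),
    }


class LoggingSSLSocket(ssl.SSLSocket):
    """SSLSocket that logs certificate verification failures, then re-raises."""

    def do_handshake(self, *args, **kwargs):
        try:
            return super().do_handshake(*args, **kwargs)
        except ssl.SSLCertVerificationError as exc:
            log.warning("certificate rejected: %s",
                        describe_failure(exc, self.server_hostname))
            raise  # the verification outcome is unchanged


def logging_context_factory(*args, **kwargs):
    """Drop-in for ssl.create_default_context using the logging socket class."""
    ctx = ORIGINAL_FACTORY(*args, **kwargs)
    ctx.sslsocket_class = LoggingSSLSocket  # documented per-instance override
    return ctx


def install():
    """Patch both names: http.client builds its context via the private alias."""
    ssl.create_default_context = logging_context_factory
    ssl._create_default_https_context = logging_context_factory


def uninstall():
    """Restore the factories captured at import time."""
    ssl.create_default_context = ORIGINAL_FACTORY
    ssl._create_default_https_context = ORIGINAL_HTTPS_FACTORY
```

Code that builds its own `ssl.SSLContext` directly, or that imported `create_default_context` by name before `install()` ran, is not covered by the patch.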