This mailing list is for dealing with the Python Cryptographic Authority family of libraries, so we're not really in a position to provide support for the Python stdlib modules. For that you want something like https://discuss.python.org/.
That said, if you really this this to apply to _all_ X.509 validation for TLS connections, your best bet is probably to monkeypatch https://docs.python.org/3/library/ssl.html#ssl.create_default_context to return a context with your verify callback. Alex On Fri, Jan 7, 2022 at 1:13 PM Edward Tsang via Cryptography-dev <cryptography-dev@python.org> wrote: > > Is it possible to change the behavior of how standard python verifies X509 > certificates? The background is that I want to filter, ignore and log some > of the X509 certificate validation errors. I would like to apply universally > for the Python standard library includes multiple modules that provide HTTP > client functionality, including httplib, urllib, urllib2, and xmlrpclib. Does > the python offers a way for user to customize certificate verification > behavior? Anyone can point out how to do this or link to any project that is > doing that? > > As per openssl doc, we can do that > https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_CTX_verify_cb.html > we can customize how certificate verify callback with this > > void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, > X509_STORE_CTX_verify_cb verify_cb); > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev -- All that is necessary for evil to succeed is for good people to do nothing. _______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
