Patches item #793553, was opened at 2003-08-22 17:15 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=305470&aid=793553&group_id=5470
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Documentation Group: Python 2.3 >Status: Closed >Resolution: Accepted Priority: 5 Submitted By: John J Lee (jjlee) >Assigned to: A.M. Kuchling (akuchling) Summary: urllib SSL authentication docs are wrong Initial Comment: urllib docs for URLOpener say: Additional keyword parameters, collected in x509, are used for authentication with the https: scheme. The keywords key_file and cert_file are supported; both are needed to actually retrieve a resource at an https: URL. They're not needed, and the certificate is never checked, because _ssl.c doesn't check it (which is documented in the socket.ssl docs). A doc patch is attached. ---------------------------------------------------------------------- >Comment By: Nobody/Anonymous (nobody) Date: 2006-07-29 17:42 Message: Logged In: NO Patch applied to docs in rev. 50962. The feature of providing a client cert does seem to work. I verified this by running "openssl s_server -accept 8000 -www -cert server.cert -key server.key -verify 1" to provide a server on port 8000, and then running the attached client script. (You'll need to generate client and server keys and certs first.) On running the script, the server prints messages showing that it's received a certificate. Therefore, I'm closing this patch. ---------------------------------------------------------------------- Comment By: Fred L. Drake, Jr. (fdrake) Date: 2006-06-10 13:20 Message: Logged In: YES user_id=3066 This should be handled by someone who knows something about the SSL API. I'm not at all sure why I assigned it to myself to begin with. ---------------------------------------------------------------------- Comment By: Martin v. Löwis (loewis) Date: 2003-08-31 11:27 Message: Logged In: YES user_id=21627 Sure, I agree the current documentation is wrong. It would be good to test the feature before correcting the documentation, though. ---------------------------------------------------------------------- Comment By: John J Lee (jjlee) Date: 2003-08-31 11:09 Message: Logged In: YES user_id=261020 <Googles for x509> Ah. That appears to be true. In that case, do you agree that the following is still wrong (taken from urllib.URLOpener docs)? Additional keyword parameters, collected in x509, are used for authentication with the https: scheme. The keywords key_file and cert_file are supported; both are needed to actually retrieve a resource at an https: URL. You don't need either dict entry for opening most https: URLs. Also, it gives no clue that x509 is for client authentication, and that server authentication is not done. ---------------------------------------------------------------------- Comment By: Martin v. Löwis (loewis) Date: 2003-08-31 09:16 Message: Logged In: YES user_id=21627 Isn't the purpose of these arguments client-side authentication? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=305470&aid=793553&group_id=5470 _______________________________________________ Patches mailing list Patches@python.org http://mail.python.org/mailman/listinfo/patches
