Martin v. Löwis <mar...@v.loewis.de> added the comment: > The attached patch adds client-side cert support to httplib, as well as > validation. Rather than just commit this, I would like to have additional > review.
I wouldn't call the feature "client-side cert support" - client certificates are already supported, and had been for a long time. What you are adding to httplib is server certificate validation. I find the patch incomplete, for formal and semantical reasons: a) it doesn't come with documentation or test suite changes, and b) it doesn't implement the typical certificate checks that browsers do, beyond validating that the certificate is valid - e.g. also validating that the certificate is issued to the host you are trying to connect to. API-wise, I'm not sure what the point of passing cert_reqs as a parameter is - ISTM that, in httplib, if ca_certs is not None, then cert_reqs should automatically be CERT_REQUIRED (just like it is in get_server_certificate). > Also, ideally this could be added to 2.6 maint (it seems like a pretty big > hole) It's a new feature, so it shouldn't be added to 2.6. Not sure what you mean by "big hole". ---------- nosy: +loewis _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue6273> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
