On Tue, Jun 16, 2009 at 5:31 PM, Devin Cook<devin.c.c...@gmail.com> wrote:
>> But I really do believe that this is what he needs to do next:
>> familiarize himself with OpenSSL. There are a lot of APIs in that
>> library, and it takes a while (i.e.: several months) to get
>> productive, in particular since OpenSSL doesn't have the most
>> intuitive API.
>
> Well, I realized this as soon as I looked at the _ssl.c code... I was
> just hoping that someone would be able to give me a quick
> clarification on exactly what gets validated. If it's just the chain
> (which is what I suspect), I would like to submit a patch that does
> the rest of the validation (that a browser typically does:
> CN/hostname, NotBefore, NotAfter, etc.) in the ssl module. I was also
> hoping to find out what the consensus is about this: mainly, *should*
> that verification be done in the ssl module? Maybe this verification
> should somehow be done in OpenSSL, which would mean that I need to do
> a LOT more reading and go pester their mailing list instead.
>
> This is for issue 6273 ( http://bugs.python.org/issue6273 ). In your
> reply to that issue, it seemed to me like you were saying that these
> things were not getting checked in the ssl module (and, therefore, not
> in OpenSSL either):
>

Also my initial bug report "client-side cert support" was a big fat typo on my part.

face-palm'dly yours,
jesse
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev