Ok, thanks for all the feedback. Just for clarity, I'll summarize everything as I understand it:
* OpenSSL does all the validation of the certificate itself. (http://openssl.org/docs/apps/verify.html)
* httplib should have a way to enable validation of the certificate.
* httplib should have a way to enable checking of the reference identity. (that complies with section 3 of this draft: http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-00)
* The reference identity checking (and cert validation, I assume) shouldn't be automatic. (per Bill)

Does that sound about right? I'll try to work up a patch tonight implementing this.

-Devin
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
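
An added example, not part of the original message and not Devin's patch or httplib code: a sketch of the reference identity check from the summary above, run on a certificate dict shaped like the one `ssl.SSLSocket.getpeercert()` returns after validation. The function names and sample certificates are hypothetical, and the wildcard rule is a simplifying assumption rather than a rendering of the draft's text.

```python
# Added illustration; the certificate dicts below are constructed samples in
# the shape returned by ssl.SSLSocket.getpeercert().

def dns_name_matches(pattern, hostname):
    """Compare one presented DNS name with the reference identity."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or p[1:] != h[1:] or "*" in "".join(p[1:]):
        return False  # a wildcard never spans labels or sits right of the first
    if p[0] == "*":
        # Assumption: only a whole left-most label may be a wildcard, and it
        # must leave at least two fixed labels (so "*.com" matches nothing).
        return len(p) >= 3 and h[0] != ""
    return "*" not in p[0] and p[0] == h[0]


def presented_identifiers(cert):
    """DNS subjectAltName entries; commonName only when there are none."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def verify_reference_identity(cert, hostname):
    """Return True when the validated certificate names `hostname`."""
    if not cert:
        # getpeercert() gives an empty dict when the chain was not validated;
        # an identity check on an unvalidated certificate proves nothing.
        raise ValueError("certificate was not validated")
    return any(dns_name_matches(n, hostname)
               for n in presented_identifiers(cert))


SAMPLE_SAN_CERT = {  # constructed
    "subject": ((("commonName", "old.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"),
                       ("DNS", "*.api.example.com")),
}
SAMPLE_CN_CERT = {"subject": ((("commonName", "mail.example.com"),),)}

if __name__ == "__main__":
    for host in ("www.example.com", "v1.api.example.com", "old.example.com"):
        print(host, verify_reference_identity(SAMPLE_SAN_CERT, host))
```
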