On 9/29/2010 3:51 PM, Antoine Pitrou wrote:
On Wed, 29 Sep 2010 13:41:15 -0700
John Nagle<na...@animats.com> wrote:
The really stupid thing about the current SSL module is that it
accepts a file of root certificates as a parameter, but ignores it.
That's not true. You have to pass CERT_OPTIONAL or CERT_REQUIRED as a
parameter (CERT_NONE is though).
If you pass CERT_REQUIRED and a root certificate authority file,
there has to be some certificate, but the signature chain is
not validated against the CA file, so the cert doesn't certify
anything. Phony web sites look valid to Python's SSL library.
John Nagle
--
http://mail.python.org/mailman/listinfo/python-list
