Re: [Python-Dev] SSL Certificate Validation

2009-06-17 Thread Bill Janssen
I think if you check the issue tracker, there's already a patch for this somewhere, IIRC. Bill Devin Cook wrote: > Ok, thanks for all the feedback. Just for clarity, I'll summarize > everything as I understand it: > > * OpenSSL does all the validation of the certificate itself. > (http://opens

Re: [Python-Dev] SSL Certificate Validation

2009-06-17 Thread Devin Cook
Ok, thanks for all the feedback. Just for clarity, I'll summarize everything as I understand it: * OpenSSL does all the validation of the certificate itself. (http://openssl.org/docs/apps/verify.html) * httplib should have a way to enable validation of the certificate. * httplib should have a way

Re: [Python-Dev] SSL Certificate Validation

2009-06-17 Thread Bill Janssen
Martin v. Löwis wrote: > FWIW, I actually don't know the answer for sure, either, so I would have > to research this myself, too. In any case, _ssl.c is *not* the place > where any of the certificate validation actually happens - nor does it > happen elsewhere in the Python source code, IIUC. St

Re: [Python-Dev] SSL Certificate Validation

2009-06-17 Thread Bill Janssen
Bill Janssen wrote: > > Does it check that the host the socket is connected to is the same as > > what's given in the CN field in the certificate? > > No. That, in general, doesn't work very well. The IETF working group > on this is considering deprecating putting a hostname in the CN field at

Re: [Python-Dev] SSL Certificate Validation

2009-06-16 Thread Martin v. Löwis
> If this isn't the place to ask these kinds of questions, I apologise. > I can take the discussion elsewhere if I need to. It really depends on what "these questions" are. If your question is "I have this patch, is it correct?", then the question is entirely appropriate. If it is "I just have bar

Re: [Python-Dev] SSL Certificate Validation

2009-06-16 Thread Jesse Noller
On Tue, Jun 16, 2009 at 5:31 PM, Devin Cook wrote: >> But I really do believe that this is what he needs to do next: >> familiarize himself with OpenSSL. There are a lot of APIs in that >> library, and it takes a while (i.e.: several months) to get >> productive, in particular since OpenSSL doesn't h

Re: [Python-Dev] SSL Certificate Validation

2009-06-16 Thread Bill Janssen
Devin Cook wrote: > Also, I have looked through the docs and code, but haven't been able to > figure out exactly what is included in certificate "validation". Is it just > validating the chain? Does it check the NotBefore and NotAfter dates? I believe so, but you'll have to check the OpenSSL cod

Re: [Python-Dev] SSL Certificate Validation

2009-06-16 Thread Devin Cook
> But I really do believe that this is what he needs to do next: > familiarize himself with OpenSSL. There are a lot of APIs in that > library, and it takes a while (i.e.: several months) to get > productive, in particular since OpenSSL doesn't have the most > intuitive API. Well, I realized this as

Re: [Python-Dev] SSL Certificate Validation

2009-06-16 Thread Martin v. Löwis
>> This question is really off-topic for python-dev. As a python-dev >> poster, you should do research upfront, and only post on what you >> consider facts. > > Martin, I told him to ask his question about _ssl internals on > python-dev as he is new, and looking to work on some of the > internals/

Re: [Python-Dev] SSL Certificate Validation

2009-06-16 Thread Jesse Noller
On Tue, Jun 16, 2009 at 3:23 PM, "Martin v. Löwis" wrote: >> I have a few questions about validating SSL certificates. From what I >> gather, this validation occurs in the OpenSSL code called from _ssl.c. >> Is this correct? > > This question is really off-topic for python-dev. As a python-dev > po

Re: [Python-Dev] SSL Certificate Validation

2009-06-16 Thread Martin v. Löwis
> I have a few questions about validating SSL certificates. From what I > gather, this validation occurs in the OpenSSL code called from _ssl.c. > Is this correct? This question is really off-topic for python-dev. As a python-dev poster, you should do research upfront, and only post on what you co

[Python-Dev] SSL Certificate Validation

2009-06-16 Thread Devin Cook
Hi all, I have a few questions about validating SSL certificates. From what I gather, this validation occurs in the OpenSSL code called from _ssl.c. Is this correct? Also, I have looked through the docs and code, but haven't been able to figure out exactly what is included in certificate "validat