On 01/03/10 21:05 +0100, Hartmut Goebel wrote:
> On 01.03.2010 18:27, Cédric Krier wrote:
>
> > He says that he can implement the same functionality with one line of code.
> > So here we are waiting for your one line?
>
> Everything you want to achieve with your "fingerprint" file is already
> built into SSL. So here is the line::
>
>   self.ssl_sock = ssl.wrap_socket(self.sock, cert_reqs=True,
>       ca_certs=os.path.join(get_config_dir(), 'ca-bundle.crt'))

This is exactly what I suggest by saying CA. And you answer it was not that!
So explain how users will create the ca-bundle.crt? How to manage it?
We try to make a simple software.

> (For real usage we should add some boilerplate though ;-)
>
> Sorry for being harsh, ced. This discussion here and the earlier ones
> about SSL show that you are lacking basic knowledge and understanding
> about SSL, certificates, how to use SSL correctly, how to use
> certificates correctly, how to use certificates in conjunction with SSL
> correctly.

This kind of answer is completely useless and I know all of that!

> Why are you not trusting others to know what they are talking about?

I never say that!

> Why
> are you ignoring the tips of others?

I never do that.

> I'm a security consultant for some
> 10 years now.

This kind of answer is pointless. I only trust facts!

> It's my daily business. I've seen lots of bad stuff like
> this in these years. And I know why they will not work out in the long
> run -- if they work at all. What makes you believe, you are smarter
> about IT security?

I will never accept arguments that are based on authority.
Explain what is wrong? What will go bad?
I see that fingerprints are something that is done by some security solutions
like OpenSSH. Even OpenSSL has an option to print out the fingerprint:
"openssl x509 -noout -in cert.pem -fingerprint"

-- 
Cédric Krier

B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email/Jabber: [email protected]
Website: http://www.b2ck.com/
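
The "fingerprint" file approach debated in this message, sketched as an added example that is not part of the original e-mail or of the project's code: a certificate fingerprint is a hash of the DER encoding, and a trust-on-first-use store compares it with what was recorded earlier. The function names, the dict-based store and the constructed PEM inputs are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed samples: arbitrary bytes wrapped as PEM, not real certificates.
# A fingerprint only hashes the DER bytes, so no ASN.1 parsing is involved.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed DER bytes for host A")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed DER bytes for host B")


def fingerprint(pem, algorithm="sha256"):
    """Hash the DER encoding, formatted AA:BB:... like `openssl x509 -fingerprint`."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Accept 'SHA256 Fingerprint=AA:BB', 'aa:bb' or 'aabb'."""
    return fp.split("=")[-1].replace(":", "").strip().lower()


def check_pin(store, host, pem):
    """Trust-on-first-use check against a dict of host -> fingerprint.

    Returns 'new' (pin recorded), 'match', or 'mismatch' (pin left unchanged).
    """
    seen = fingerprint(pem)
    pinned = store.get(host)
    if pinned is None:
        store[host] = seen  # first contact: nothing to compare against yet
        return "new"
    if hmac.compare_digest(normalize(pinned), normalize(seen)):
        return "match"
    return "mismatch"  # certificate changed: renewal or interception


if __name__ == "__main__":
    pins = {}
    for pem in (SAMPLE_PEM, SAMPLE_PEM, OTHER_PEM):
        print(check_pin(pins, "erp.example.test", pem), fingerprint(pem)[:23])
```

The first-contact branch is where this scheme differs from CA verification: the pin is only as good as the connection on which it was first seen, unless the user compares it out of band with the value printed on the server.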
