Message 152296 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	loewis
Recipients	Nathanael.Noblet, loewis, orsenthil, pitrou
Date	2012-01-30.00:45:23
SpamBayes Score	0.0054549626
Marked as misclassified	No
Message-id	<4F25E822.8050804@v.loewis.de>
In-reply-to	<20120129233906.GA6478@mathmagic>

Content
> By that I mean, sending the ca_file and cert_reqs from the client, > which I believe would be required if you want to verify the server > certificate from the client end [1]. The other clients send only > the cert_file and the key_file. Ah, you are probably referring to the "server name indication", which is a fairly recent TLS feature. Python does support it, in the server_hostname context field. You never ever send the CA certificate to the server in TLS, AFAIK (except as part of a chain including your own client certificate).

> By that I mean, sending the ca_file and cert_reqs from the client,
> which I believe would be required if you want to verify the server
> certificate from the client end [1]. The other clients send only
> the cert_file and the key_file.

Ah, you are probably referring to the "server name indication",
which is a fairly recent TLS feature.

Python does support it, in the server_hostname context field.

You never ever send the CA certificate to the server in TLS,
AFAIK (except as part of a chain including your own client
certificate).

History
Date	User	Action	Args
2012-01-30 00:45:23	loewis	set	recipients: + loewis, orsenthil, pitrou, Nathanael.Noblet
2012-01-30 00:45:23	loewis	link	issue13856 messages
2012-01-30 00:45:23	loewis	create