Message66834
Yep, it looks like you're on the right track. I'll close this bug.
Bill
On Wed, May 14, 2008 at 12:51 PM, Ruben Kerkhof <report@bugs.python.org>
wrote:
>
> Ruben Kerkhof <ruben@rubenkerkhof.com> added the comment:
>
> Hi Bill,
>
> When I include the server certificate in ca_certs, verification
> succeeds, and I can view the peer certificate dict with getpeercert(False)
>
> When I set ca_certs to none and ssl.CERT_NONE, I can still call
> getpeercert(True) and call DER_cert_to_PEM_cert to get the same PEM
> certificate.
>
> SSL is all new to me, so forgive me if I talk nonsense, but what I'm
> trying to do is the following:
>
> I receive a key from Bob which is a digest of his server's certificate.
> To make sure I'm really talking to Bob I need to decrypt his server's
> signature with his public key and check the resulting digest against my
> key. So I have to ignore failures like
> X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT and
> X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, but detect things like
> X509_V_ERR_CERT_SIGNATURE_FAILURE.
>
> The idea is based on what foolscap is doing with FURLS
> (http://foolscap.lothar.com/trac)
>
> Am I making sense?
>
> __________________________________
> Tracker <report@bugs.python.org>
> <http://bugs.python.org/issue2838>
> __________________________________
File name | Uploaded
unnamed | janssen, 2008-05-14.21:57:32

Date | User | Action | Args
2008-05-14 21:57:36 | janssen | set | spambayes_score: 6.23218e-05 -> 6.232183e-05 recipients: + janssen, ruben
2008-05-14 21:57:34 | janssen | link | issue2838 messages
2008-05-14 21:57:34 | janssen | create |
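The check discussed in the message above (chain validation off, then comparing a digest received out of band against the certificate returned by getpeercert(True)) could look like the following. This is an added example, not code from the thread or from the ssl module; SHA-256 as the digest and the names `normalize_pin`, `cert_matches_pin`, `connect_pinned` and `PinMismatch` are assumptions.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Peer certificate digest does not match the pinned value."""


def normalize_pin(pin: str) -> bytes:
    # Accept "AA:BB:..." or plain hex, any case; require a full SHA-256 digest.
    raw = bytes.fromhex(pin.replace(":", "").strip())
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("pin must be a 32-byte SHA-256 digest")
    return raw


def cert_matches_pin(der_cert, pin: str) -> bool:
    # Digest the exact DER bytes the peer presented; compare in constant time.
    if not der_cert:  # getpeercert(True) returns None when no cert was sent
        return False
    return hmac.compare_digest(hashlib.sha256(der_cert).digest(), normalize_pin(pin))


def connect_pinned(host: str, port: int, pin: str, timeout: float = 10.0) -> ssl.SSLSocket:
    # Chain validation is off on purpose (self-signed peer), so the pin check
    # below is the only authentication and must pass before any data is sent.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=timeout))
    try:
        if not cert_matches_pin(sock.getpeercert(binary_form=True), pin):
            raise PinMismatch(f"certificate digest mismatch for {host}:{port}")
    except BaseException:
        sock.close()
        raise
    return sock


if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate (offline demo only).
    sample = b"constructed stand-in for a DER certificate"
    pin = hashlib.sha256(sample).hexdigest()
    print(cert_matches_pin(sample, pin), cert_matches_pin(sample + b"!", pin))
```

The TLS handshake itself proves the server holds the private key for the certificate it presents, so matching the certificate digest is sufficient and no manual signature decryption is needed.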