Message89302
> The attached patch adds client-side cert support to httplib, as well as
> validation. Rather than just commit this, I would like to have additional
> review.

I wouldn't call the feature "client-side cert support" - client
certificates are already supported, and had been for a long time.
What you are adding to httplib is server certificate validation.

I find the patch incomplete, for formal and semantical reasons:
a) it doesn't come with documentation or test suite changes, and
b) it doesn't implement the typical certificate checks that browsers
do, beyond validating that the certificate is valid - e.g. also
validating that the certificate is issued to the host you are trying
to connect to.

API-wise, I'm not sure what the point of passing cert_reqs as a
parameter is - ISTM that, in httplib, if ca_certs is not None, then
cert_reqs should automatically be CERT_REQUIRED (just like it is
in get_server_certificate).

> Also, ideally this could be added to 2.6 maint (it seems like a pretty big
> hole)

It's a new feature, so it shouldn't be added to 2.6. Not sure what you
mean by "big hole".

| Date | User | Action | Args |
| 2009-06-12 21:00:31 | loewis | set | recipients: + loewis, jnoller |
| 2009-06-12 21:00:30 | loewis | link | issue6273 messages |
| 2009-06-12 21:00:30 | loewis | create | |
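
The host-name check from point b) and the suggestion that a non-None ca_certs should imply CERT_REQUIRED, as an added example that is not part of the original message or of the patch under review. It assumes the dict layout returned by `SSLSocket.getpeercert()`; the function names and sample certificates are constructed for illustration, and only DNS names (not IP addresses) are handled.

```python
import ssl

def effective_cert_reqs(ca_certs):
    """Derive the verification mode from ca_certs, as the reply suggests."""
    return ssl.CERT_REQUIRED if ca_certs is not None else ssl.CERT_NONE

def _dns_match(pattern, hostname):
    """Compare one certificate DNS name with the requested host name.

    A '*' is accepted only as the entire left-most label and covers
    exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.com" is rejected
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels

def cert_matches_host(cert, hostname):
    """Return True if a getpeercert()-style dict is issued to hostname."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        # RFC 2818: when DNS subjectAltName entries exist, commonName is ignored
        return any(_dns_match(name, hostname) for name in san)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(_dns_match(cn, hostname) for cn in cns)

# Constructed sample certificates in the dict layout of getpeercert()
SAMPLE_SAN = {
    "subject": ((("commonName", "legacy.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"),
                       ("DNS", "*.api.example.org")),
}
SAMPLE_CN_ONLY = {"subject": ((("commonName", "mail.example.org"),),)}

if __name__ == "__main__":
    for host in ("www.example.org", "v1.api.example.org",
                 "legacy.example.org", "www.example.net"):
        print(host, cert_matches_host(SAMPLE_SAN, host))
```

A chain that validates against ca_certs but fails `cert_matches_host` is a valid certificate for some other host, which is the case point b) describes.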