
Author mpb
Recipients mpb
Date 2013-06-24.19:04:53
Message-id <1372100693.76.0.99629035685.issue18293@psf.upfronthosting.co.za>
In-reply-to
Content
At present (Python 2.7.[45] and 3.3.[12]), the cert_reqs parameter of ssl.wrap_socket can be one of:

ssl.CERT_NONE
ssl.CERT_OPTIONAL
ssl.CERT_REQUIRED

I would find the following additional modes to be useful:
ssl.CERT_OPTIONAL_NO_VERIFY
ssl.CERT_REQUIRED_NO_VERIFY

In these cases, the server's certificate would be available via the .getpeercert() method, even if the certificate does not pass verification.

The use case for these modes would be connecting to servers, some of which may use valid certificates, and others of which may be using self-signed certificates.

Another use case might be an "ssh-like" mode of operation.  ssh will warn the user of possible man-in-the-middle attacks if a server's public key has changed.

Thanks!
History
Date                 User  Action  Args
2013-06-24 19:04:53  mpb   set     recipients: + mpb
2013-06-24 19:04:53  mpb   set     messageid: <1372100693.76.0.99629035685.issue18293@psf.upfronthosting.co.za>
2013-06-24 19:04:53  mpb   link    issue18293 messages
2013-06-24 19:04:53  mpb   create
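
Added example (not part of the original message and not CPython code): a sketch of the "ssh-like" mode the message describes, written for current Python 3. It relies on getpeercert(binary_form=True) returning the server's DER certificate even under CERT_NONE, and pins its SHA-256 fingerprint on first use. The names fetch_peer_cert_der, check_pin and the SAMPLE_* byte strings are hypothetical; the byte strings are constructed stand-ins for DER data.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for two different DER-encoded certificates.
SAMPLE_CERT_A = b"constructed-der-bytes-A"
SAMPLE_CERT_B = b"constructed-der-bytes-B"


def fetch_peer_cert_der(host, port=443, timeout=5.0):
    """Return the server's leaf certificate as DER bytes without CA validation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation; check_pin() replaces it
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # The default dict form is empty for an unvalidated certificate;
            # binary_form=True still returns the raw DER bytes.
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def check_pin(known, host, port, der):
    """Trust on first use. Returns 'new', 'match' or 'changed'."""
    if not der:
        raise ValueError("peer presented no certificate")
    key = "%s:%d" % (host, port)
    seen = fingerprint(der)
    pinned = known.get(key)
    if pinned is None:
        known[key] = seen            # first contact: record the fingerprint
        return "new"
    if hmac.compare_digest(pinned, seen):
        return "match"
    # The stored pin is left untouched so the caller can warn and stop,
    # as ssh does when a host key changes.
    return "changed"
```

A caller would pass the result of fetch_peer_cert_der() to check_pin() and send no application data on a 'changed' result; persisting the known dictionary between runs is left to the caller.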