Message191796
At present (Python 2.7.[45] and 3.3.[12]), the cert_reqs parameter of ssl.wrap_socket can be one of:
ssl.CERT_NONE
ssl.CERT_OPTIONAL
ssl.CERT_REQUIRED
I would find the following additional modes to be useful:
ssl.CERT_OPTIONAL_NO_VERIFY
ssl.CERT_REQUIRED_NO_VERIFY
In these cases, the server's certificate would be available via the .getpeercert () method, even if the certificate does not pass verification.
The use case for these modes would be connecting to servers, some of which may use valid certificates, and others of which may be using self signed certificates.
Another use case might be an "ssh-like" mode of operation. ssh will warn the user of possible man-in-the-middle attacks if a server's public key has changed.
Thanks! |
|
Date |
User |
Action |
Args |
2013-06-24 19:04:53 | mpb | set | recipients:
+ mpb |
2013-06-24 19:04:53 | mpb | set | messageid: <1372100693.76.0.99629035685.issue18293@psf.upfronthosting.co.za> |
2013-06-24 19:04:53 | mpb | link | issue18293 messages |
2013-06-24 19:04:53 | mpb | create | |
|