This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes, giampaolo.rodola, gvanrossum, janssen, pitrou
Date 2013-11-22.14:12:55
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1385129576.14.0.508860828251.issue19689@psf.upfronthosting.co.za>
In-reply-to
Content 
Good point!

We need a purpose flag anyway in order to load the appropriate root CA certs. The purpose flag can be used for purpose-specific verify mode:

SERVER_AUTH = _ASN1Object('1.3.6.1.5.5.7.3.1')
CLIENT_AUTH = _ASN1Object('1.3.6.1.5.5.7.3.2')

    if isinstance(purpose, str):
        purpose = _ASN1Object.fromname(purpose)
    if verify_mode is None:
        if purpose == SERVER_AUTH:
            # authenticate a TLS web server (for client sockets). The default 
            # setting may change in the future.
            verify_mode = CERT_NONE
        elif purpose == CLIENT_AUTH:
            # authenticate a TLS web client (for server sockets). The default
            # setting is guaranteed to be stable and will never change.
            verify_mode = CERT_NONE
        else:
            # other (code signing, S/MIME, IPSEC, ...), default may change.
            verify_mode = CERT_NONE
    context.verify_mode = verify_mode
History
Date User Action Args
2013-11-22 14:12:56christian.heimessetrecipients: + christian.heimes, gvanrossum, janssen, pitrou, giampaolo.rodola
2013-11-22 14:12:56christian.heimessetmessageid: <1385129576.14.0.508860828251.issue19689@psf.upfronthosting.co.za>
2013-11-22 14:12:56christian.heimeslinkissue19689 messages
2013-11-22 14:12:55christian.heimescreate