Message203884
How about:
- load ca cert from default verify locations
- try connect with CERT_REQUIRED
- print warning when cert validation fails and try again with CERT_NONE
- match hostname otherwise
At least this warns the user about the issue. Is there way to distinguish between CA missing and other failures?
Antoine Pitrou <report@bugs.python.org> schrieb:
>
>Antoine Pitrou added the comment:
>
>Well, passive attacks are the easiest to mount by a casual attacker, so
>I think this is important to get in.
>
>----------
>
>_______________________________________
>Python tracker <report@bugs.python.org>
><http://bugs.python.org/issue12226>
>_______________________________________ |
|
Date |
User |
Action |
Args |
2013-11-22 21:25:22 | christian.heimes | set | recipients:
+ christian.heimes, loewis, fdrake, barry, richard, georg.brandl, pitrou, larry, techtonik, benjamin.peterson, tarek, jwilk, eric.araujo, Arfrever, skrah, alexis, devin, Giovanni.Bajo, dstufft |
2013-11-22 21:25:22 | christian.heimes | link | issue12226 messages |
2013-11-22 21:25:22 | christian.heimes | create | |
|