This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author janssen
Recipients ahasenack, janssen
Date 2007-12-13.18:10:26
SpamBayes Score 0.000219424
Marked as misclassified No
Message-id <4b3e516a0712131010oc47455ev7d342a3c0ceff2d0@mail.gmail.com>
In-reply-to <1197558870.27.0.0210737785058.issue1589@psf.upfronthosting.co.za>
Content
The mechanism is there for direct use of the SSL module, yes.  But the
question is, what should indirect usage, like the httplib or urllib modules,
do?  If they are going to check hostnames on use of an https: URL, they need
some way to pass a ca_certs file through to the SSL code they use.

Bill

On Dec 13, 2007 7:14 AM, Andreas Hasenack <report@bugs.python.org> wrote:

>
> Andreas Hasenack added the comment:
>
> > do it automatically.  Unfortunately, that means that client-side
> certificate
> > verification has to be done (it's pointless to look at the data in
> > unverified certificates), and that means that the client software has to
> > have an appropriate collection of root certificates to verify against.
>  I
>
> But the current API already has this feature:
> ssl_sock = ssl.wrap_socket(s, ca_certs="/etc/pki/tls/rootcerts/%s" % cert,
>                      cert_reqs=ssl.CERT_REQUIRED)
>
> So this is already taken care of with ca_certs and cert_reqs, right?
>
> __________________________________
> Tracker <report@bugs.python.org>
> <http://bugs.python.org/issue1589>
> __________________________________
>
Files
File name Uploaded
unnamed janssen, 2007-12-13.18:10:26
History
Date User Action Args
2007-12-13 18:10:26janssensetspambayes_score: 0.000219424 -> 0.000219424
recipients: + janssen, ahasenack
2007-12-13 18:10:26janssenlinkissue1589 messages
2007-12-13 18:10:26janssencreate