On 03.09.2014 19:29, Ethan Furman wrote:
Excellent. Last question (I hope): it is possible to (easily) create an SSLContext that will verify against a self-signed certificate?
context = ssl.create_default_context(cafile="/path/to/selfsigned.pem")
That works iff the certificate is valid, not expired and its CN or SAN matches the hostname of the service. When the hostname doesn't match then you have to set
context.check_hostname = False