[Cryptography-dev] Possible to customize how python handle ssl verify callback?
Edward Tsang
etsang at splunk.com
Fri Jan 7 13:13:08 EST 2022
Is it possible to change the behavior of how standard python verifies X509
certificates? The background is that I want to filter, ignore and log some
of the X509 certificate validation errors. I would like to apply
universally for the Python standard library includes multiple modules that
provide HTTP client functionality, including httplib, urllib, urllib2, and
xmlrpclib. Does the python offers a way for user to customize certificate
verification behavior? Anyone can point out how to do this or link to any
project that is doing that?
As per openssl doc, we can do that
https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_CTX_verify_cb.html
we can customize how certificate verify callback with this
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
X509_STORE_CTX_verify_cb verify_cb);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20220107/5700846f/attachment.html>
More information about the Cryptography-dev
mailing list