[Patches] [ python-Patches-793553 ] urllib SSL authentication docs are wrong
SourceForge.net
noreply at sourceforge.net
Sun Jul 30 02:42:55 CEST 2006
Patches item #793553, was opened at 2003-08-22 17:15
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=793553&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Documentation
Group: Python 2.3
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: John J Lee (jjlee)
>Assigned to: A.M. Kuchling (akuchling)
Summary: urllib SSL authentication docs are wrong
Initial Comment:
urllib docs for URLOpener say:
Additional keyword parameters, collected in x509, are
used for authentication with the https: scheme. The
keywords key_file and cert_file are supported; both are
needed to actually retrieve a resource at an https: URL.
They're not needed, and the certificate is never
checked, because _ssl.c doesn't check it (which is
documented in the socket.ssl docs).
A doc patch is attached.
----------------------------------------------------------------------
>Comment By: Nobody/Anonymous (nobody)
Date: 2006-07-29 17:42
Message:
Logged In: NO
Patch applied to docs in rev. 50962.
The feature of providing a client cert does seem to work. I verified this by
running "openssl s_server -accept 8000 -www -cert server.cert -key
server.key -verify 1" to provide a server on port 8000, and then running the
attached client script. (You'll need to generate client and server keys and
certs first.) On running the script, the server prints messages showing that
it's received a certificate.
Therefore, I'm closing this patch.
----------------------------------------------------------------------
Comment By: Fred L. Drake, Jr. (fdrake)
Date: 2006-06-10 13:20
Message:
Logged In: YES
user_id=3066
This should be handled by someone who knows something about
the SSL API. I'm not at all sure why I assigned it to
myself to begin with.
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2003-08-31 11:27
Message:
Logged In: YES
user_id=21627
Sure, I agree the current documentation is wrong. It would
be good to test the feature before correcting the
documentation, though.
----------------------------------------------------------------------
Comment By: John J Lee (jjlee)
Date: 2003-08-31 11:09
Message:
Logged In: YES
user_id=261020
<Googles for x509> Ah. That appears to be true. In that
case, do you agree that the following is still wrong (taken from
urllib.URLOpener docs)?
Additional keyword parameters, collected in x509, are used for
authentication with the https: scheme. The keywords key_file
and cert_file are supported; both are needed to actually
retrieve a resource at an https: URL.
You don't need either dict entry for opening most https: URLs.
Also, it gives no clue that x509 is for client authentication, and
that server authentication is not done.
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2003-08-31 09:16
Message:
Logged In: YES
user_id=21627
Isn't the purpose of these arguments client-side authentication?
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=793553&group_id=5470
More information about the Patches
mailing list