[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
Andreas Hasenack
report at bugs.python.org
Thu Dec 13 16:14:30 CET 2007
Andreas Hasenack added the comment:
> do it automatically. Unfortunately, that means that client-side
certificate
> verification has to be done (it's pointless to look at the data in
> unverified certificates), and that means that the client software has to
> have an appropriate collection of root certificates to verify against. I
But the current API already has this feature:
ssl_sock = ssl.wrap_socket(s, ca_certs="/etc/pki/tls/rootcerts/%s" % cert,
cert_reqs=ssl.CERT_REQUIRED)
So this is already taken care of with ca_certs and cert_reqs, right?
__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue1589>
__________________________________
More information about the Python-bugs-list
mailing list