[issue2838] Verify callback for SSL

Bill Janssen report at bugs.python.org
Wed May 14 23:57:36 CEST 2008


Bill Janssen <bill.janssen at gmail.com> added the comment:

Yep, it looks like you're on the right track.  I'll close this bug.

Bill

On Wed, May 14, 2008 at 12:51 PM, Ruben Kerkhof <report at bugs.python.org>
wrote:

>
> Ruben Kerkhof <ruben at rubenkerkhof.com> added the comment:
>
> Hi Bill,
>
> When I include the server certificate in ca_certs, verification
> succeeds, and I can view the peer certificate dict with getpeercert(False).
>
> When I set ca_certs to none and ssl.CERT_NONE, I can still call
> getpeercert(True) and call DER_cert_to_PEM_cert to get the same PEM
> certificate.
>
> SSL is all new to me, so forgive me if I talk nonsense, but what I'm
> trying to do is the following:
>
> I receive a key from Bob which is a digest of his server's certificate.
> To make sure I'm really talking to Bob I need to decrypt his server's
> signature with his public key and check the resulting digest against my
> key. So I have to ignore failures like
> X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT and
> X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, but detect things like
> X509_V_ERR_CERT_SIGNATURE_FAILURE.
>
> The idea is based on what foolscap is doing with FURLS
> (http://foolscap.lothar.com/trac)
>
> Am I making sense?
>
> __________________________________
> Tracker <report at bugs.python.org>
> <http://bugs.python.org/issue2838>
> __________________________________
>

Added file: http://bugs.python.org/file10323/unnamed
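
An added example, not part of the original thread or of Python's ssl module: one way to do the check Ruben describes, accepting a self-signed certificate only when the digest of its DER bytes from getpeercert(True) equals the digest received out of band. SHA-256, the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 digest of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert, pinned_hex: str) -> bool:
    """Compare a certificate against the digest received out of band."""
    if not der_cert:  # getpeercert(True) returns None when no certificate was sent
        return False
    normalized = pinned_hex.replace(":", "").strip().lower()
    # Constant-time comparison over bytes.
    return hmac.compare_digest(fingerprint(der_cert).encode(), normalized.encode())


def connect_pinned(host: str, port: int, pinned_hex: str, timeout: float = 10.0):
    """Open a TLS connection and keep it only if the peer certificate matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # chain validation off, so self-signed certs pass
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Check the pin before any application data is sent or read.
    if not matches_pin(tls.getpeercert(True), pinned_hex):
        tls.close()
        raise ssl.SSLError("peer certificate does not match pinned digest")
    return tls


# Constructed stand-in bytes, not a real certificate: the digest is taken over
# the raw DER bytes, so any byte string exercises the comparison offline.
SAMPLE_DER = b"constructed-sample-der-bytes-for-bob"
SAMPLE_PIN = fingerprint(SAMPLE_DER)
```

With CERT_NONE the ssl module performs no chain or hostname validation at all, so the digest comparison is the only authentication of the peer and must run before any data is exchanged.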
