[issue6273] Add client side certificate support to httplib

Martin v. Löwis report at bugs.python.org
Fri Jun 12 23:00:31 CEST 2009

Martin v. Löwis <martin at v.loewis.de> added the comment:

> The attached patch adds client-side cert support to httplib, as well as 
> validation. Rather than just commit this, I would like to have additional 
> review.

I wouldn't call the feature "client-side cert support" - client
certificates are already supported, and had been for a long time.

What you are adding to httplib is server certificate validation.

I find the patch incomplete, for formal and semantical reasons:
a) it doesn't come with documentation or test suite changes, and
b) it doesn't implement the typical certificate checks that browsers
   do, beyond validating that the certificate is valid - e.g. also
   validating that the certificate is issued to the host you are trying
   to connect to.

API-wise, I'm not sure what the point of passing cert_reqs as a
parameter is - ISTM that, in httplib, if ca_certs is not None, then
cert_reqs should automatically be CERT_REQUIRED (just like it is
in get_server_certificate).

> Also, ideally this could be added to 2.6 maint (it seems like a pretty big 
> hole) 

It's a new feature, so it shouldn't be added to 2.6. Not sure what you
mean by "big hole".

nosy: +loewis

Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list