[issue6273] Add client side certificate support to httplib

Jesse Noller report at bugs.python.org
Sat Jun 13 00:37:57 CEST 2009


Jesse Noller <jnoller at gmail.com> added the comment:

On Jun 12, 2009, at 5:00 PM, Martin v. Löwis <report at bugs.python.org> wrote:

>
> Martin v. Löwis <martin at v.loewis.de> added the comment:
>
>> The attached patch adds client-side cert support to httplib, as well as
>> validation. Rather than just commit this, I would like to have additional
>> review.
>
> I wouldn't call the feature "client-side cert support" - client
> certificates are already supported, and had been for a long time.
>
> What you are adding to httplib is server certificate validation.
>
> I find the patch incomplete, for formal and semantical reasons:
> a) it doesn't come with documentation or test suite changes, and
> b) it doesn't implement the typical certificate checks that browsers
>   do, beyond validating that the certificate is valid - e.g. also
>   validating that the certificate is issued to the host you are trying
>   to connect to.
>
> API-wise, I'm not sure what the point of passing cert_reqs as a
> parameter is - ISTM that, in httplib, if ca_certs is not None, then
> cert_reqs should automatically be CERT_REQUIRED (just like it is
> in get_server_certificate).
>
>> Also, ideally this could be added to 2.6 maint (it seems like a pretty big
>> hole)
>
> It's a new feature, so it shouldn't be added to 2.6. Not sure what you
> mean by "big hole".
>

Thanks, that's why I filed the ticket, it's my first foray into
patching httplib - I'll go back to the patch drawing board!

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue6273>
_______________________________________