[issue19689] ssl.create_default_context()
Christian Heimes
report at bugs.python.org
Fri Nov 22 15:12:56 CET 2013
Christian Heimes added the comment:
Good point!
We need a purpose flag anyway in order to load the appropriate root CA certs. The purpose flag can be used for purpose-specific verify mode:
SERVER_AUTH = _ASN1Object('1.3.6.1.5.5.7.3.1')
CLIENT_AUTH = _ASN1Object('1.3.6.1.5.5.7.3.2')
if isinstance(purpose, str):
purpose = _ASN1Object.fromname(purpose)
if verify_mode is None:
if purpose == SERVER_AUTH:
# authenticate a TLS web server (for client sockets). The default
# setting may change in the future.
verify_mode = CERT_NONE
elif purpose == CLIENT_AUTH:
# authenticate a TLS web client (for server sockets). The default
# setting is guaranteed to be stable and will never change.
verify_mode = CERT_NONE
else:
# other (code signing, S/MIME, IPSEC, ...), default may change.
verify_mode = CERT_NONE
context.verify_mode = verify_mode
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19689>
_______________________________________
More information about the Python-bugs-list
mailing list