[Python-Dev] SSL Certificate Validation

Devin Cook devin.c.cook at gmail.com
Wed Jun 17 23:00:01 CEST 2009


Ok, thanks for all the feedback. Just for clarity, I'll summarize
everything as I understand it:

* OpenSSL does all the validation of the certificate itself.
(http://openssl.org/docs/apps/verify.html)
* httplib should have a way to enable validation of the certificate.
* httplib should have a way to enable checking of the reference
identity. (that complies with section 3 of this draft:
http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-00)
* The reference identity checking (and cert validation, I assume)
shouldn't be automatic. (per Bill)

Does that sound about right? I'll try to work up a patch tonight
implementing this.

-Devin
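
Added example (not part of the original message or of httplib): a reference-identity check of the kind the third bullet describes, kept as a separate call the caller opts into and run over a dict shaped like the return value of `ssl.SSLSocket.getpeercert()`. The matching rules are a simplified assumption (dNSName entries take precedence over the Common Name, a wildcard counts only as the whole left-most label), not a full implementation of the cited draft; the function names and sample certificates are constructed.

```python
# Added illustration: reference-identity check over a dict shaped like the
# return value of ssl.SSLSocket.getpeercert(). Simplified rules (assumption).

def _label_match(pattern, hostname):
    """Match one presented DNS name against the hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    first, rest = p_labels[0], p_labels[1:]
    if first == "*":
        # Wildcard only as the entire left-most label, and only when at
        # least two further labels follow (so "*.org" is rejected).
        if len(rest) < 2 or not h_labels[0]:
            return False
    elif first != h_labels[0]:
        return False
    return rest == h_labels[1:]


def check_reference_identity(cert, hostname):
    """Return True if `hostname` matches an identity presented in `cert`.

    Only meaningful for a certificate whose chain was already validated.
    """
    if not cert:
        raise ValueError("no validated certificate to check")
    dns_names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # When dNSName entries exist, the Common Name is not consulted.
        return any(_label_match(name, hostname) for name in dns_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _label_match(value, hostname):
                return True
    return False


# Constructed sample certificates (not taken from any real server).
SAN_CERT = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.api.example.org")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "mail.example.org"),),)}
```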

