[Python-Dev] [Python-checkins] r86441 - python/branches/py3k/Lib/test/test_nntplib.py
Bill Janssen
janssen at parc.com
Sat Nov 13 21:56:11 CET 2010
Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Sat, 13 Nov 2010 07:30:05 -0500
> James Y Knight <foom at fuhm.net> wrote:
> > On Nov 13, 2010, at 7:08 AM, Antoine Pitrou wrote:
> > > Funny, it shows that the NNTP SSL tests don't check the certificate,
> > > then.
> >
> > Unsurprising, given that you need 140 lines of pretty non-obvious python code to do so...
>
> You must have missed the new match_hostname() function:
> http://docs.python.org/dev/library/ssl.html#ssl.match_hostname
>
> (its implementation is 50 lines rather than 140 lines, though)
On the client side, it's pretty easy to see an invalid (say, expired)
certificate. Just call get_server_certificate(), which will fail if the
server certificate is invalid.
That's a separate issue from matching the request hostname to the
various host identifiers in the certificate, which various application
protocols may or may not require.
Bill
More information about the Python-Dev
mailing list