ssl server: how to disable client cert verification?
Christian Heimes
christian at python.org
Fri Feb 4 14:01:53 EST 2022
On 04/02/2022 19.24, Grant Edwards wrote:
> The problem is _getting_ the client certificate that was provided
> during the client/server handshake. That's trivial if the handshake
> was successful. The problem is obtaining the client certificate when
> the handshake fails. I was hoping there was a way to disable client
> certificate validation so that the handshake will succeed and then
> allow me to get the client certificate from the connection object.
FYI, it's more complicated in TLS 1.3. Post-handshake authentication
(PHA) can happen out-of-band. Only TLS 1.2 performs client cert auth
during handshake or renegotiation.
Christian