ssl server: how to disable client cert verification?

Christian Heimes christian at python.org
Fri Feb 4 14:01:53 EST 2022


On 04/02/2022 19.24, Grant Edwards wrote:
> The problem is _getting_ the client certificate that was provided
> during the client/server handshake. That's trivial if the handshake
> was successful. The problem is obtaining the client certificate when
> the handshake fails. I was hoping there was a way to disable client
> certificate validation so that the handshake will succeed and then
> allow me to get the client certificate from the connection object.

FYI, it's more complicated in TLS 1.3. Post-handshake authentication
(PHA) can happen out-of-band. Only TLS 1.2 performs client cert auth
during handshake or renegotiation.

Christian

