ssl server: how to disable client cert verfication?
Grant Edwards
grant.b.edwards at gmail.com
Fri Feb 4 14:43:28 EST 2022
On 2022-02-04, Christian Heimes <christian at python.org> wrote:
> On 03/02/2022 19.57, Grant Edwards wrote:
>> I've got a small ssl server app. I want to require a certificate from
>> the client, so I'm using a context with
>>
>> context.verify_mode = ssl.CERT_REQUIRED
>>
>> But, I want all certificates accepted. How do I disable client
>> certificate verification?
>
> You can't. Python's ssl module does not expose the necessary feature to
> override the verification callback SSL_CTX_set_verify(). PyOpenSSL lets
> you set a callback and ignore any and all errors.
Thanks! I'll look into that.
Since "openssl s_client" didn't seem to have any option to ignore
client cert validity, I was starting to wonder if ignoring it was
simply impossible with openssl.
--
Grant
More information about the Python-list
mailing list