Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

lp1 on fire -- One of the more obfuscated kernel messages

devel / comp.lang.python / Re: ssl server: how to disable client cert verfication?

SubjectAuthor
o Re: ssl server: how to disable client cert verfication?Grant Edwards

1
Re: ssl server: how to disable client cert verfication?

<mailman.5.1643998512.7010.python-list@python.org>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=16900&group=comp.lang.python#16900

  copy link   Newsgroups: comp.lang.python
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!not-for-mail
From: grant.b....@gmail.com (Grant Edwards)
Newsgroups: comp.lang.python
Subject: Re: ssl server: how to disable client cert verfication?
Date: Fri, 04 Feb 2022 10:15:09 -0800 (PST)
Lines: 20
Message-ID: <mailman.5.1643998512.7010.python-list@python.org>
References: <61fc49d4.1c69fb81.a405c.5b87@mx.google.com>
<15D2E951-9767-4A40-8EAC-DDA63D611ACF@barrys-emacs.org>
<61fc58e9.1c69fb81.f1e67.01bd@mx.google.com>
<CAPTjJmo=3SO9xDC8S_TgPQZpCYQ8-91MuY9xo37evERfrm2u_g@mail.gmail.com>
<61fd6d2d.1c69fb81.a8d6d.71e9@mx.google.com>
X-Trace: news.uni-berlin.de mdjq2svORjvdDCYnmD6w9wnPmDvs39H30TpwVpXcAt7w==
Return-Path: <grant.b.edwards@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
Authentication-Results: mail.python.org; dkim=pass
reason="2048-bit key; unprotected key"
header.d=gmail.com header.i=@gmail.com header.b=DBfOE694;
dkim-adsp=pass; dkim-atps=neutral
X-Spam-Status: OK 0.001
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'looks': 0.02; '2022':
0.05; 'underlying': 0.07; 'angelico': 0.09; 'subject:how': 0.09;
'values.': 0.09; 'anything,': 0.16; 'flag': 0.16;
'from:addr:grant.b.edwards': 0.16; 'from:name:grant edwards':
0.16; 'object,': 0.16; 'spot': 0.16; 'subject:client': 0.16;
'subject:disable': 0.16; 'times,': 0.16; 'wrote:': 0.16; 'feb':
0.17; 'grant': 0.17; 'to:addr:python-list': 0.20; 'option': 0.20;
"i've": 0.22; 'fri,': 0.22; 'anything': 0.25; 'actual': 0.25;
'certificate': 0.26; 'object': 0.26; 'suspect': 0.26; 'done':
0.28; 'chris': 0.28; 'header:User-Agent:1': 0.30; 'looked': 0.31;
"doesn't": 0.32; 'context': 0.32; 'hold': 0.33; 'able': 0.34;
'received:google.com': 0.34; 'received:209.85.166': 0.35;
'from:addr:gmail.com': 0.35; 'change': 0.36; 'received:209.85':
0.37; 'received:209': 0.39; 'reference': 0.60; 'method': 0.61;
'validation': 0.64; 'process.': 0.65; 'little': 0.73; 'client':
0.82
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=message-id:date:from:subject:references:user-agent:to;
bh=Y7eWE8ZXVGVoCN1rLs2kk5Ay48HevcWs71GVJLl8eoM=;
b=DBfOE694V3jwW6AfMFVeIiacMKOAeqJfreolGWtuDkqdUQeW375ALSEdxt9fDUmzC+
I8/JIXImqNgP/lHtV20lCWsag0OrOy1MmNkxp+xZS32F5ve8nQ18+FXlFJbOfuAaTOWJ
YacSQKEOdBdg9pVcc9sp5rvEadm+gUGbPYcNV6M5OFBpeEGimYqIJXwbhzyl/wmZ+l7E
6HuPy+czr3qvtj9GnkNeLdEGzF5S5SCgGZ2Lym3rN51CmFK6b003v5NRhkha/aNDkqfV
9TtNEn/K7mma5qcuJiormT4kbsRYoYNflqVLALvFikhdBPRixAzFwHhiHJZAiy1Re7Wv
3weg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:message-id:date:from:subject:references
:user-agent:to;
bh=Y7eWE8ZXVGVoCN1rLs2kk5Ay48HevcWs71GVJLl8eoM=;
b=ttvH+KipKSt51Zc7yxZpeqkVNtud3vL6tVNfXP8XwgrGNjrttlD6Vo+eY6dMQLrUTI
weFkY0UVfG0yQjAN3Nmi29VpKa7njYDHeGIgujx1wrFDPSJiRy90vKr00P2VpBkDn/FQ
MY/m8mTwrpi/+u+9Rx5qlpwiuzv4pI0G0/brkUbgGM111SuR8k5sU2eWX/ja4avfv4gW
CnKxGNVEsjrPdSYWJ0NqMwCUicWXMb0vn0tTmw+/aTikriHRYX/Yry0sq1cWqODyZXJb
PMB3iWIY21JY2P57JX3wzdDqFsHL2oGeuF2BTkZLSAfezus89rO77b7Fv0EIqzBcrULm
YWng==
X-Gm-Message-State: AOAM532R3iW7jUJUIdqnJBmyUmyKhKN2diTJVUXvSA3+c8T2aVEGoQct
KOEDjgrdwHEwAJn4p1gH6WeHq53zmFk=
X-Google-Smtp-Source: ABdhPJywn9RpJupGp7c9YrxkGejhvBBipvEPu4+BhpNFo6vm8G8kIBbbXxU9hqZHOhSt/1OT1bEC2A==
X-Received: by 2002:a05:6638:18a:: with SMTP id
a10mr206732jaq.130.1643998510067;
Fri, 04 Feb 2022 10:15:10 -0800 (PST)
User-Agent: slrn/1.0.3 (Linux)
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: General discussion list for the Python programming language
<python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>,
<mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <https://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>,
<mailto:python-list-request@python.org?subject=subscribe>
X-Mailman-Original-Message-ID: <61fd6d2d.1c69fb81.a8d6d.71e9@mx.google.com>
X-Mailman-Original-References: <61fc49d4.1c69fb81.a405c.5b87@mx.google.com>
<15D2E951-9767-4A40-8EAC-DDA63D611ACF@barrys-emacs.org>
<61fc58e9.1c69fb81.f1e67.01bd@mx.google.com>
<CAPTjJmo=3SO9xDC8S_TgPQZpCYQ8-91MuY9xo37evERfrm2u_g@mail.gmail.com>
 by: Grant Edwards - Fri, 4 Feb 2022 18:15 UTC

On 2022-02-04, Chris Angelico <rosuav@gmail.com> wrote:
> On Fri, 4 Feb 2022 at 09:37, Grant Edwards <grant.b.edwards@gmail.com> wrote:
>> I've looked through the ssl.Context documentation multiple times, and
>> haven't been able to spot any option or flag that disables client
>> certificate validation or allows the user to override the actual
>> client certificate validation process.
>
> What you're doing is a little unusual, so my first thought would be to
> subclass Context and override whatever method does the checks.

I've done a dir() on the Context object, and I don't see anything that
looks like a method to do the checks. I suspect that the Context
object doesn't actually _do_ anything, it just hold a reference to an
underlying openssl context object and allow to to change its
configuration values.

--
Grant

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor