Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"Trust me. I know what I'm doing." -- Sledge Hammer

devel / comp.lang.python / Re: ssl server: how to disable client cert verfication?

SubjectAuthor
o Re: ssl server: how to disable client cert verfication?Barry

1
Re: ssl server: how to disable client cert verfication?

<mailman.7.1643999727.7010.python-list@python.org>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=16903&group=comp.lang.python#16903

  copy link   Newsgroups: comp.lang.python
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!not-for-mail
From: bar...@barrys-emacs.org (Barry)
Newsgroups: comp.lang.python
Subject: Re: ssl server: how to disable client cert verfication?
Date: Fri, 4 Feb 2022 18:19:27 +0000
Lines: 34
Message-ID: <mailman.7.1643999727.7010.python-list@python.org>
References: <61fd6d2d.1c69fb81.a8d6d.71e9@mx.google.com>
<C0261B0D-F4EB-4F16-AEFA-0994EA474F51@barrys-emacs.org>
Mime-Version: 1.0 (1.0)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: news.uni-berlin.de pNs3t/JvJb3Z6ICSyaJ/Hwxear+dEv8immE5j2GjwvDQ==
Return-Path: <barry@barrys-emacs.org>
X-Original-To: Python-list@python.org
Delivered-To: python-list@mail.python.org
Authentication-Results: mail.python.org; dkim=none reason="no signature";
dkim-adsp=none (unprotected policy); dkim-atps=neutral
X-Spam-Status: OK 0.000
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'looks': 0.02; '2022':
0.05; 'underlying': 0.07; 'python.': 0.08; 'angelico': 0.09;
'cc:addr:python-list': 0.09; 'from:addr:barry': 0.09;
'received:217.70': 0.09; 'received:217.70.178': 0.09;
'received:gandi.net': 0.09; 'received:mail.gandi.net': 0.09;
'subject:how': 0.09; 'values.': 0.09; 'cc:no real name:2**0':
0.14; 'url:mailman': 0.15; '2022,': 0.16; 'anything,': 0.16;
'barry': 0.16; 'flag': 0.16; 'from:addr:barrys-emacs.org': 0.16;
'message-id:@barrys-emacs.org': 0.16; 'object,': 0.16; 'spot':
0.16; 'subject:client': 0.16; 'subject:disable': 0.16; 'times,':
0.16; 'wrote:': 0.16; 'api': 0.17; 'feb': 0.17; 'grant': 0.17;
'cc:addr:python.org': 0.20; 'option': 0.20; "i've": 0.22; 'fri,':
0.22; 'anything': 0.25; 'url-ip:188.166.95.178/32': 0.25; 'url-
ip:188.166.95/24': 0.25; 'actual': 0.25; 'url:listinfo': 0.25;
'cc:2**0': 0.25; 'url-ip:188.166/16': 0.25; 'certificate': 0.26;
'object': 0.26; 'suspect': 0.26; 'done': 0.28; '>>>': 0.28;
'chris': 0.28; 'looked': 0.31; 'url-ip:188/8': 0.31; "doesn't":
0.32; 'context': 0.32; 'hold': 0.33; 'able': 0.34; 'header:In-
Reply-To:1': 0.34; 'change': 0.36; 'reference': 0.60; 'method':
0.61; 'validation': 0.64; 'process.': 0.65; 'received:217': 0.67;
'little': 0.73; 'client': 0.82
In-Reply-To: <61fd6d2d.1c69fb81.a8d6d.71e9@mx.google.com>
X-Mailer: iPad Mail (19D50)
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: General discussion list for the Python programming language
<python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>,
<mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <https://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>,
<mailto:python-list-request@python.org?subject=subscribe>
X-Mailman-Original-Message-ID: <C0261B0D-F4EB-4F16-AEFA-0994EA474F51@barrys-emacs.org>
X-Mailman-Original-References: <61fd6d2d.1c69fb81.a8d6d.71e9@mx.google.com>
 by: Barry - Fri, 4 Feb 2022 18:19 UTC

> On 4 Feb 2022, at 18:17, Grant Edwards <grant.b.edwards@gmail.com> wrote:
>
> On 2022-02-04, Chris Angelico <rosuav@gmail.com> wrote:
>>> On Fri, 4 Feb 2022 at 09:37, Grant Edwards <grant.b.edwards@gmail.com> wrote:
>>> I've looked through the ssl.Context documentation multiple times, and
>>> haven't been able to spot any option or flag that disables client
>>> certificate validation or allows the user to override the actual
>>> client certificate validation process.
>>
>> What you're doing is a little unusual, so my first thought would be to
>> subclass Context and override whatever method does the checks.
>
> I've done a dir() on the Context object, and I don't see anything that
> looks like a method to do the checks. I suspect that the Context
> object doesn't actually _do_ anything, it just hold a reference to an
> underlying openssl context object and allow to to change its
> configuration values.

We started with the OpenSSL api and looked see what it provided.
Then looked for how to access that from python.

Barry

> --
> Grant
>
>
> --
> https://mail.python.org/mailman/listinfo/python-list
>

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor