Re: ssl server: how to disable client cert verification?

From: grant.b....@gmail.com (Grant Edwards)
Newsgroups: comp.lang.python
Subject: Re: ssl server: how to disable client cert verification?
Date: Fri, 04 Feb 2022 11:42:16 -0800 (PST)
 by: Grant Edwards - Fri, 4 Feb 2022 19:42 UTC

On 2022-02-04, Barry <barry@barrys-emacs.org> wrote:
>>
>>> What you're doing is a little unusual, so my first thought would be to
>>> subclass Context and override whatever method does the checks.
>>
>> I've done a dir() on the Context object, and I don't see anything that
>> looks like a method to do the checks. I suspect that the Context
>> object doesn't actually _do_ anything, it just holds a reference to an
>> underlying openssl context object and allows you to change its
>> configuration values.
>
> We started with the OpenSSL api and looked to see what it provided.
> Then looked for how to access that from python.

Right. I now suspect this is something missing from the openssl server
side library code. It's trivial to do the same thing from the client
side (ignore the validity of the server certificate).

--
Grant
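
Added example, not part of the original post: the peer-verification settings that a Python `ssl.SSLContext` exposes, read back for client and server contexts and audited for disabled checks. The helper names (`posture`, `audit`, `build_contexts`, `wrong_order_rejected`) and the constructed contexts are assumptions made for illustration; no sockets or key files are used.

```python
import ssl

def posture(ctx):
    """Read back the peer-verification settings held by an SSLContext."""
    return {"verify_mode": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname,
            "ca_certs": ctx.cert_store_stats()["x509_ca"]}

def audit(ctx, role):
    """Return findings for a context used as 'client' or 'server'."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("server certificate not validated" if role == "client"
                        else "client certificate not requested")
    elif role == "server" and ctx.verify_mode == ssl.CERT_OPTIONAL:
        # A certificate that is sent is still checked against the loaded CAs.
        findings.append("client certificate optional, validated if sent")
    if role == "client" and not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings

def build_contexts():
    """Constructed sample contexts, keyed by name, as (role, context)."""
    server_default = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    server_optional = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_optional.verify_mode = ssl.CERT_OPTIONAL
    server_mtls = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_mtls.verify_mode = ssl.CERT_REQUIRED  # a CA file would be loaded here
    client_default = ssl.create_default_context()
    client_unverified = ssl.create_default_context()
    client_unverified.check_hostname = False     # must be cleared first
    client_unverified.verify_mode = ssl.CERT_NONE
    return {"server_default": ("server", server_default),
            "server_optional": ("server", server_optional),
            "server_mtls": ("server", server_mtls),
            "client_default": ("client", client_default),
            "client_unverified": ("client", client_unverified)}

def wrong_order_rejected():
    """CERT_NONE cannot be set while check_hostname is still enabled."""
    ctx = ssl.create_default_context()
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    for name, (role, ctx) in build_contexts().items():
        print(name, posture(ctx), audit(ctx, role))
    print("wrong order rejected:", wrong_order_rejected())
```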
