Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

Invest in physics -- own a piece of Dirac!

devel / comp.lang.python / Re: ssl server: how to disable client cert verfication?

SubjectAuthor
o Re: ssl server: how to disable client cert verfication?Grant Edwards

1
Re: ssl server: how to disable client cert verfication?

<mailman.15.1644003977.7010.python-list@python.org>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=21323&group=comp.lang.python#21323

  copy link   Newsgroups: comp.lang.python
Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!not-for-mail
From: grant.b.edwards@gmail.com (Grant Edwards)
Newsgroups: comp.lang.python
Subject: Re: ssl server: how to disable client cert verfication?
Date: Fri, 04 Feb 2022 11:46:15 -0800 (PST)
Lines: 22
Message-ID: <mailman.15.1644003977.7010.python-list@python.org>
References: <61fc49d4.1c69fb81.a405c.5b87@mx.google.com>
<15D2E951-9767-4A40-8EAC-DDA63D611ACF@barrys-emacs.org>
<61fc58e9.1c69fb81.f1e67.01bd@mx.google.com>
<25085.32323.499265.960572@ixdm.fritz.box>
<61fd8287.1c69fb81.df9f1.7c3c@mx.google.com>
X-Trace: news.uni-berlin.de 0AgO5XF3I2TEJ2HImsdn0QREj4Z8aU1uXrzBD6f6q1og==
Return-Path: <grant.b.edwards@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
Authentication-Results: mail.python.org; dkim=pass
reason="2048-bit key; unprotected key"
header.d=gmail.com header.i=@gmail.com header.b=YYrR0SXB;
dkim-adsp=pass; dkim-atps=neutral
X-Spam-Status: OK 0.002
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'library.': 0.05;
'failures': 0.07; 'underlying': 0.07; 'subject:how': 0.09;
'supported': 0.15; 'anyway.': 0.16; 'barry': 0.16; 'cert': 0.16;
'dieter': 0.16; 'flag': 0.16; 'from:addr:grant.b.edwards': 0.16;
'from:name:grant edwards': 0.16; 'odd': 0.16; 'skip:> 10': 0.16;
'spot': 0.16; 'ssl': 0.16; 'subject:client': 0.16;
'subject:disable': 0.16; 'times,': 0.16; 'wrote:': 0.16; 'python':
0.16; 'grant': 0.17; "can't": 0.17; 'to:addr:python-list': 0.20;
'option': 0.20; 'actual': 0.25; 'seems': 0.26; 'certificate':
0.26; 'library': 0.26; 'header:User-Agent:1': 0.30; 'looked':
0.31; 'but': 0.32; 'able': 0.34; 'received:google.com': 0.34;
'received:209.85.166': 0.35; 'from:addr:gmail.com': 0.35;
'received:209.85': 0.37; 'received:209': 0.39; 'quite': 0.39;
'use': 0.39; 'wrote': 0.39; 'case.': 0.40; 'validation': 0.64;
'your': 0.64; 'process.': 0.65; 'ignore': 0.71; 'client': 0.82;
'side.': 0.84; 'thus,': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=message-id:date:from:subject:references:user-agent:to;
bh=ja0M+Kt1J0u6OWUhD0WCPM51+TkZx7L8opUCPGYx2dY=;
b=YYrR0SXBmH+87HvmXK4JiTy6eR/gaeooN/254W4a7t8Jn5yn0ZNH4G8h1tKRyHjZYX
dqUL7I/QwB2ie2sBpkWAvn4yVRjBatQUGcsfbWkGfqUEHhZA+2PoTYsaKDpXaMCyKxmW
Tvelq2Cn3m1PXsz2fqLcHDerDy4FwfwsYjW/hdLbEOexuWRrFtcgy6Lbur/o+Fr9KYEM
LroOlOsUXcNJq6e6BIOfSZXMgqML9DORZSb2WJm5VzdtvQixZ5dYkMToaHEUwb9UiLuH
c1s7wxBYFIY9AZNeR1lnLz09OQLz9rlXJx+VQg485vlBlrR8p9fYZNxOU/4YDl9UDiP7
rvUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:message-id:date:from:subject:references
:user-agent:to;
bh=ja0M+Kt1J0u6OWUhD0WCPM51+TkZx7L8opUCPGYx2dY=;
b=V3495PreKCJzjjEaL2pHK8bdptIEYsaehv0uTri4os9auDuv21QVinD1LlgBoiUDno
mwbExfZwzHgCpagB2Eua3wRZixmZu/NZ4+nV33k/1W3YjuPvsMrnC3E4xwghIjhEusK5
EHOSkqbTGT1DKNW1qfWFpdUigcYN6OnzA4Q3hQvWcGZVIorUCVaiMI0hnge9TDaYTtkk
0dIP3C9jxktk7EtfV3AgyXE/iOzAjI7RHK6K4slC3k/Ze/faXccNJ8ud7KQKTb6h+qtA
VLV2dOBYNCoSeNhnQZ7V4hWihv0qWr+/BBQhqzMaiQBEztCS2mbm8aAqUG0XgvgcdkA8
tUPw==
X-Gm-Message-State: AOAM5309yiaDhunC3SfAOvyMgtiKDGtgTNKcgUN5dK+Th7sI0cDQUMaB
X+/0aVOUhANwP2GBmIoEfJ+mKuSDnx0=
X-Google-Smtp-Source: ABdhPJxE3ONvKIzn35AiDGIYouOuwFBlsIH3i+ClDdCwCPpILT9vmZZtNpuOH0Iz+LpYBfE5PGRLbQ==
X-Received: by 2002:a05:6602:1541:: with SMTP id
h1mr314847iow.145.1644003975405;
Fri, 04 Feb 2022 11:46:15 -0800 (PST)
User-Agent: slrn/1.0.3 (Linux)
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: General discussion list for the Python programming language
<python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>,
<mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <https://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>,
<mailto:python-list-request@python.org?subject=subscribe>
X-Mailman-Original-Message-ID: <61fd8287.1c69fb81.df9f1.7c3c@mx.google.com>
X-Mailman-Original-References: <61fc49d4.1c69fb81.a405c.5b87@mx.google.com>
<15D2E951-9767-4A40-8EAC-DDA63D611ACF@barrys-emacs.org>
<61fc58e9.1c69fb81.f1e67.01bd@mx.google.com>
<25085.32323.499265.960572@ixdm.fritz.box>
 by: Grant Edwards - Fri, 4 Feb 2022 19:46 UTC

On 2022-02-04, Dieter Maurer <dieter@handshake.de> wrote:
> Grant Edwards wrote at 2022-2-3 14:36 -0800:
>>On 2022-02-03, Barry <barry@barrys-emacs.org> wrote:
>> ...
>>I've looked through the ssl.Context documentation multiple times, and
>>haven't been able to spot any option or flag that disables client
>>certificate validation or allows the user to override the actual
>>client certificate validation process.
>
> Note that Python does not do the certificate validation itself
> but delegates this to the underlying SSL library.
> Thus, this library would need to support your use case.
> It may not as your scenario is quite special.

The corresponding scenario is easily supported for the client
side. Even "openssl s_client" offers the option to ignore cert
validation failures and print the cert anyway. It seems odd that
s_server can't do the same.

--
Grant

devel / comp.lang.python / Re: ssl server: how to disable client cert verfication?

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor