Antoine Pitrou <solip...@pitrou.net> wrote:
> On Sat, 13 Nov 2010 07:30:05 -0500
> James Y Knight <f...@fuhm.net> wrote:
> > On Nov 13, 2010, at 7:08 AM, Antoine Pitrou wrote:
> > > Funny, it shows that the NNTP SSL tests don't check the certificate,
> > > then.
> >
> > Unsurprising, given that you need 140 lines of pretty non-obvious python
> > code to do so...
>
> You must have missed the new match_hostname() function:
> http://docs.python.org/dev/library/ssl.html#ssl.match_hostname
>
> (its implementation is 50 lines rather than 140 lines, though)

On the client side, it's pretty easy to see an invalid (say, expired) certificate. Just call get_server_certificate(), which will fail if the server certificate is invalid. That's a separate issue from matching the request hostname to the various host identifiers in the certificate, which various application protocols may or may not require.

Bill
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
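
Added example, not part of the thread and not the ssl module's own code: a simplified hostname check over the dict shape that `getpeercert()` returns, showing that a certificate which passed chain and expiry validation can still fail to identify the host that was requested. The function names and the sample certificate are constructed for illustration; IP addresses and internationalized names are not handled.

```python
# Simplified hostname matching (assumption: dNSName entries first, commonName
# only as a fallback, wildcard allowed only as the entire left-most label).

def _dns_match(pattern, hostname):
    """Compare one certificate name against the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False            # a wildcard never spans several labels
    if p[0] == "*":
        if len(p) < 3:
            return False        # refuse "*.org"-style patterns
        return bool(h[0]) and p[1:] == h[1:]
    if "*" in pattern:
        return False            # partial or non-left-most wildcard: reject
    return p == h

def hostname_matches(cert, hostname):
    """cert: dict as returned by SSLSocket.getpeercert() after validation."""
    if not cert:
        return False            # empty dict means the peer was not validated
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return any(_dns_match(name, hostname) for name in san)
    # No dNSName entries: fall back to the subject's commonName.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_match(value, hostname):
                return True
    return False

# Constructed sample: an unexpired certificate issued for an NNTP service.
SAMPLE_CERT = {
    "subject": ((("commonName", "news.example.org"),),),
    "notAfter": "Nov 13 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "news.example.org"),
                       ("DNS", "*.nntp.example.org")),
}

if __name__ == "__main__":
    for host in ("news.example.org", "a.nntp.example.org",
                 "a.b.nntp.example.org", "mail.example.org"):
        print(host, hostname_matches(SAMPLE_CERT, host))
```

The last host in the loop is the case the thread is about: the certificate itself is fine, but it was not issued for that name, so a client that only checks validity would accept it.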