[Python-Dev] SSL Certificate Validation (original) (raw)

"Martin v. Löwis" martin at v.loewis.de
Tue Jun 16 22:14:35 CEST 2009

This question is really off-topic for python-dev. As a python-dev poster, you should do research upfront, and only post on what you consider facts. Martin, I told him to ask his question about ssl internals on python-dev as he is new, and looking to work on some of the internals/make a patch for core. I didn't think that asking internals questions was a faux pas for the list, especially as he's looking to submit a patch to core.

Hmm. For somebody new to Python, I'm fairly skeptical that the SSL module is the best starting point.

Where I'm going with this is I think all this checking needs to be part of certificate validation in the ssl module. If it isn't yet, I'd be happy to work on a patch for it. Please let me know what you think. I think you need to familiarize yourself much more with OpenSSL. I don't think that's called for, he is attempting to familiarize himself and simply inquiring about some of the internals. I'm sure he'll know plenty by the time the patch is more fully formed.

But I really do believe that this is what he need to do next: familiarize himself with OpenSSL. There is a lot of APIs in that library, and it takes a while (i.e.: several months) to get productive, in particular since OpenSSL doesn't have the most intuitive API.

From "I want to know what features it currently has" to "I can contribute new features" is really a looong way here.

To give a little more guidance: find out what SSL_CTX_use_certificate_chain_file and SSL_CTX_set_verify do. Finding that out is really out of scope of python-dev, since it has nothing to do with Python.

Regards, Martin

More information about the Python-Dev mailing list