New submission from mpb:

At present (Python 2.7.[45] and 3.3.[12]), the cert_reqs parameter of ssl.wrap_socket can be one of:

ssl.CERT_NONE
ssl.CERT_OPTIONAL
ssl.CERT_REQUIRED

I would find the following additional modes to be useful:

ssl.CERT_OPTIONAL_NO_VERIFY
ssl.CERT_REQUIRED_NO_VERIFY

In these cases, the server's certificate would be available via the .getpeercert () method, even if the certificate does not pass verification.

The use case for these modes would be connecting to servers, some of which may use valid certificates, and others of which may be using self-signed certificates.

Another use case might be an "ssh-like" mode of operation. ssh will warn the user of possible man-in-the-middle attacks if a server's public key has changed.

Thanks!

----------
components: Library (Lib)
messages: 191796
nosy: mpb
priority: normal
severity: normal
status: open
title: ssl.wrap_socket (cert_reqs=...), getpeercert, and unvalidated certificates
type: enhancement
versions: Python 2.7, Python 3.3

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue18293>
_______________________________________
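
The "ssh-like" use case from the request above, as an added example (not part of the original submission and not code from the ssl module): it uses ssl.SSLContext rather than ssl.wrap_socket, reads the unvalidated certificate with getpeercert(binary_form=True), and checks its SHA-256 fingerprint against a pin store. The dict-based store, the function names and the sample bytes are assumptions made for the illustration.

```python
import hashlib
import socket
import ssl


def fetch_der(host, port=443, timeout=5.0):
    """Return the server's leaf certificate as DER bytes without validating it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation: the pin is the only check
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # binary_form=True yields the DER certificate even when it was not
            # validated; the dict form is empty under CERT_NONE.
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def check_pin(known, host, port, der):
    """Compare a certificate with the pin store (a plain dict, hypothetical format).

    Returns "new" (first contact, pin recorded), "match" or "changed".
    A changed certificate never overwrites the stored pin; that decision
    is left to the caller, as ssh leaves it to the user.
    """
    key = "%s:%d" % (host, port)
    fp = fingerprint(der)
    pinned = known.get(key)
    if pinned is None:
        known[key] = fp
        return "new"
    return "match" if pinned == fp else "changed"


# Constructed sample bytes standing in for two different DER certificates.
CERT_A = b"constructed-sample-certificate-A"
CERT_B = b"constructed-sample-certificate-B"


def demo():
    """First contact, same certificate again, a swapped one, then the original."""
    known = {}
    seen = (CERT_A, CERT_A, CERT_B, CERT_A)
    return [check_pin(known, "host.example", 443, der) for der in seen]


if __name__ == "__main__":
    print(demo())
```

On a live connection, pass the result of fetch_der(host, port) to check_pin and refuse to send data when it returns "changed".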