Ruben Kerkhof <[EMAIL PROTECTED]> added the comment:

Hi Bill,

When I include the server certificate in ca_certs, verification succeeds, and I can view the peer certificate dict with getpeercert(False).

When I set ca_certs to none and ssl.CERT_NONE, I can still call getpeercert(True) and call DER_cert_to_PEM_cert to get the same PEM certificate.

SSL is all new to me, so forgive me if I talk nonsense, but what I'm trying to do is the following: I receive a key from Bob which is a digest of his server's certificate. To make sure I'm really talking to Bob I need to decrypt his server's signature with his public key and check the resulting digest against my key.

So I have to ignore failures like X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT and X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, but detect things like X509_V_ERR_CERT_SIGNATURE_FAILURE.

The idea is based on what foolscap is doing with FURLS (http://foolscap.lothar.com/trac)

Am I making sense?

__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2838>
__________________________________
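One way to do the check described in the message above, as an added example that is not part of the original post or of the ssl module: chain validation is switched off with CERT_NONE, and the digest of the DER certificate returned by getpeercert(True) is compared with the digest received out of band. The function names, the SHA-256 default and SAMPLE_DER are assumptions of this example.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for DER bytes (not a real certificate), for offline checks.
SAMPLE_DER = b"constructed-example-der-bytes"


def normalize_fingerprint(text):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    cleaned = text.replace(":", "").replace(" ", "").strip().lower()
    bytes.fromhex(cleaned)  # raises ValueError on non-hex input
    return cleaned


def cert_fingerprint(der_bytes, algorithm="sha256"):
    """Digest of the DER encoding, the form getpeercert(True) returns."""
    return hashlib.new(algorithm, der_bytes).hexdigest()


def matches_pin(der_bytes, pinned, algorithm="sha256"):
    """Constant-time comparison of the presented certificate with the pin."""
    if not der_bytes:
        return False  # no certificate presented
    expected = normalize_fingerprint(pinned)
    if len(expected) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("pin length does not match " + algorithm)
    return hmac.compare_digest(cert_fingerprint(der_bytes, algorithm), expected)


def connect_pinned(host, port, pinned, timeout=10.0):
    """TLS connect without CA validation, then enforce the pin (raises ssl.SSLError)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # chain errors ignored; the pin decides
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not matches_pin(tls.getpeercert(True), pinned):
        tls.close()
        raise ssl.SSLError("peer certificate does not match pinned digest")
    return tls
```

A completed handshake already shows that the server holds the private key for the certificate it presented; the pin comparison then ties that certificate to the expected peer.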