Jesse Noller <jnol...@gmail.com> added the comment:

On Jun 12, 2009, at 5:00 PM, Martin v. Löwis <rep...@bugs.python.org> wrote:

>
> Martin v. Löwis <mar...@v.loewis.de> added the comment:
>
>> The attached patch adds client-side cert support to httplib, as well as
>> validation. Rather than just commit this, I would like to have additional
>> review.
>
> I wouldn't call the feature "client-side cert support" - client
> certificates are already supported, and had been for a long time.
>
> What you are adding to httplib is server certificate validation.
>
> I find the patch incomplete, for formal and semantical reasons:
> a) it doesn't come with documentation or test suite changes, and
> b) it doesn't implement the typical certificate checks that browsers
>    do, beyond validating that the certificate is valid - e.g. also
>    validating that the certificate is issued to the host you are trying
>    to connect to.
>
> API-wise, I'm not sure what the point of passing cert_reqs as a
> parameter is - ISTM that, in httplib, if ca_certs is not None, then
> cert_reqs should automatically be CERT_REQUIRED (just like it is
> in get_server_certificate).
>
>> Also, ideally this could be added to 2.6 maint (it seems like a pretty big
>> hole)
>
> It's a new feature, so it shouldn't be added to 2.6. Not sure what you
> mean by "big hole".
>

Thanks, that's why I filed the ticket, it's my first foray into patching httplib - I'll go back to the patch drawing board!

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue6273>
_______________________________________
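The two review points above (the certificate must be issued to the host being connected to, and supplying ca_certs should imply CERT_REQUIRED) can be sketched as follows. This is an added example, not code from the patch under review or from httplib. The function names are hypothetical, the certificate dicts are constructed samples shaped like ssl.SSLSocket.getpeercert() output, and the wildcard rule is a simplified one.

```python
import ssl

def effective_cert_reqs(ca_certs, cert_reqs=None):
    """Policy suggested in the review: supplying ca_certs implies CERT_REQUIRED."""
    if ca_certs is not None:
        return ssl.CERT_REQUIRED
    return ssl.CERT_NONE if cert_reqs is None else cert_reqs

def _dns_name_matches(pattern, hostname):
    """Case-insensitive match; '*' allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_matches_host(cert, hostname):
    """cert: dict shaped like ssl.SSLSocket.getpeercert() output (assumption)."""
    san_dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_dns:
        # When DNS subjectAltName entries exist, commonName is not consulted.
        return any(_dns_name_matches(n, hostname) for n in san_dns)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_name_matches(value, hostname):
                return True
    return False

# Constructed sample certificates (not real ones).
CERT_SAN = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.api.example.org")),
}
CERT_CN_ONLY = {"subject": ((("commonName", "mail.example.org"),),)}

if __name__ == "__main__":
    for cert, host in [(CERT_SAN, "v1.api.example.org"),
                       (CERT_SAN, "evil.example.net"),
                       (CERT_CN_ONLY, "mail.example.org")]:
        print(host, cert_matches_host(cert, host))
```

A chain that validates against ca_certs only proves the certificate was issued by a trusted CA; the hostname comparison is what ties it to the server the client meant to reach.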