On 04/02/2022 19.24, Grant Edwards wrote:
> The problem is _getting_ the client certificate that was provided during the client/server handshake. That's trivial if the handshake was successful. The problem is obtaining the client certificate when the handshake fails. I was hoping there was a way to disable client certificate validation so that the handshake will succeed and then allow me to get the client certificate from the connection object.
FYI, it's more complicated in TLS 1.3. Post-handshake authentication (PHA) can happen out-of-band. Only TLS 1.2 performs client cert auth during handshake or renegotiation.
Christian