On 2022-02-04, Christian Heimes <christ...@python.org> wrote: > On 03/02/2022 19.57, Grant Edwards wrote: >> I've got a small ssl server app. I want to require a certificate from >> the client, so I'm using a context with >> >> context.verify_mode = ssl.CERT_REQUIRED >> >> But, I want all certificates accepted. How do I disable client >> certificate verification? > > You can't. Python's ssl module does not expose the necessary feature to > override the verification callback SSL_CTX_set_verify(). PyOpenSSL lets > you set a callback and ignore any and all errors.
Thanks! I'll look into that. Since "openssl s_client" didn't seem to have any option to ignore client cert validity, I was starting to wonder if ignoring it was simply impossible with openssl. -- Grant -- https://mail.python.org/mailman/listinfo/python-list
