Sybren Stuvel wrote:
> Frank Millman enlightened us with:
> > while 1:
> >     conn,addr = s.accept()
> >     c = TLSConnection(conn)
> >     c.handshakeServer(certChain=certChain,privateKey=privateKey)
> >     data = c.recv(1024)
>
> It's nice that you set up a TLS connection, but you never check the
> certificate of the other side for validity. You should make sure the
> certificate chain is completely signed from top to bottom. Then check
> that the bottom certificate is amongst trusted CAs. Also check all the
> certificates in the chain against the CRL of the CA.
Thanks for the reply, Sybren.

I was hoping to avoid this step. The point of the exercise for me is encryption. I am not too worried about authentication. The next step in my app is for the client to enter a user id and password, and the server will not proceed without verifying this.

However, I realise that security is not something to be trivialised, so if your recommendation is that I do complete the validation steps, I will try to understand that part of the documentation and apply that as well.

Thanks

Frank

--
http://mail.python.org/mailman/listinfo/python-list
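The thread uses tlslite; the following is an added example, not code from either poster, that shows the same distinction Sybren draws using only Python's standard `ssl` module. The first context is what the quoted accept loop amounts to (the server proves its own identity but never asks the client for a certificate), the second requires a client certificate, chains it to a trusted CA and checks every certificate in the chain against a loaded CRL, and `peer_summary` is the post-handshake inspection of `getpeercert()`. File paths are parameters the caller supplies; `SAMPLE_PEER_CERT` is a constructed dict in the shape `getpeercert()` returns, not a real certificate.

```python
import ssl
import time
from typing import Optional


def unauthenticated_server_context(certfile: Optional[str], keyfile: Optional[str]) -> ssl.SSLContext:
    """Encryption without authentication: the server presents its chain, but
    verify_mode stays CERT_NONE, so any client (including one relaying traffic
    in the middle) completes the handshake. certfile=None is allowed only so
    the configuration can be inspected; a real server must load its chain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    ctx.verify_mode = ssl.CERT_NONE  # the default for a server context, shown explicitly
    return ctx


def authenticated_server_context(certfile: Optional[str], keyfile: Optional[str],
                                 cafile: Optional[str], crlfile: Optional[str] = None) -> ssl.SSLContext:
    """The hardened form: the handshake fails unless the client presents a
    certificate whose chain ends at a CA in `cafile`, and every certificate in
    that chain is checked against a CRL loaded from `crlfile`. With
    VERIFY_CRL_CHECK_CHAIN set, OpenSSL fails closed if no CRL is loaded for a
    CA in the chain, so the CRL must actually be distributed to the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_CHAIN
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    if crlfile:
        ctx.load_verify_locations(cafile=crlfile)  # CRLs are loaded through the same call
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings that decide whether the peer is authenticated."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "crl_check_chain": bool(ctx.verify_flags & ssl.VERIFY_CRL_CHECK_CHAIN),
        "minimum_version": ctx.minimum_version.name,
    }


# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns; not a real cert.
SAMPLE_PEER_CERT = {
    "subject": ((("organizationName", "Example Org"),), (("commonName", "client-42"),)),
    "issuer": ((("commonName", "Example Internal CA"),),),
    "notAfter": "Dec 31 23:59:59 2030 GMT",
    "serialNumber": "0A1B2C",
}


def peer_summary(cert: dict, now: Optional[float] = None) -> dict:
    """Inspect the peer certificate after the handshake. getpeercert() returns
    an empty dict when no certificate was presented, and always when
    verify_mode is CERT_NONE, so an empty dict here means the peer is
    unauthenticated and the application must not trust the connection."""
    if not cert:
        raise ValueError("peer presented no certificate")
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now is None:
        now = time.time()
    if not_after < now:
        raise ValueError("peer certificate expired")
    return {
        "common_name": subject.get("commonName"),
        "not_after": not_after,
        "serial": cert.get("serialNumber"),
    }


if __name__ == "__main__":
    print("original loop :", describe(unauthenticated_server_context(None, None)))
    print("hardened      :", describe(authenticated_server_context(None, None, None)))
    print("peer          :", peer_summary(SAMPLE_PEER_CERT, now=0))
```

On a live socket the server would call `ctx.wrap_socket(conn, server_side=True)` and then `peer_summary(ssock.getpeercert())`; with the hardened context the wrap itself raises on an unverifiable chain, so the summary only ever sees a certificate that already chained to a trusted CA and passed the CRL check.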