Michael Ekstrand wrote:
> Disclaimer: I am not an expert. Take this with a grain of salt... but
> I'll throw it out for what it's worth.
>
> For what it's worth, the Web does not authenticate clients (for the
> most part anyway). The server is authenticated - its certificate is
> checked against the root CA list. But clients aren't expected to have
> their own certificates. I think that the only time you really need the
> clients to have certificates is when the certificate *is* your
> authentication (e.g., in OpenVPN). Likewise, SSH does not verify client
> certificates (unless you're using PKA, but that's different).
>
Thanks for this, Michael - this is what I feel as well. Unless I hear to the contrary from Paul or Sybren, this is the approach I will follow.

My next problem is that TLSLite does not seem to support select(). There is an abstract class called AsyncStateMachine which I think is provided to simulate this. If I do not figure it out I may come back here with more questions, but I will start a new thread for that.

Many thanks to all.

Frank