Christian Heimes added the comment:
xmlrpc.client.SafeTransport() accepts a context object. You can pass a
SSLContext in to perform cert validation and even client cert auth.
--
resolution: -> out of date
status: open -> closed
___
Python tracker
Changes by Jakub Wilk jw...@jwilk.net:
--
nosy: +jwilk
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13856
___
___
Python-bugs-list mailing list
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +christian.heimes
versions: +Python 3.4 -Python 3.3
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13856
___
Senthil Kumaran sent...@uthcode.com added the comment:
I am sorry. I see that with context object in 3.x, verification is being done.
The CA certs can be pointed to using load_verify_locations.
As the author had in this patc tothe pass on addition ca_certs and ca_reqs to
wrap_socket in ssl
Antoine Pitrou pit...@free.fr added the comment:
For this issue, modifying the xmlrpc.client to support ssl context and
making a HTTPConnection with context object is present may be way to
go.
xmlrpc is higher level than http.client, so you might also adopt the
urllib approach of passing
Martin v. Löwis mar...@v.loewis.de added the comment:
I think, I was using wrong terminology, by 'sending' I meant, 'using' the
ca_file in the client to verify Server's certificates.
Then I still don't understand your remarks. You said is there any
reason for the clients in the stdlib are
Senthil Kumaran sent...@uthcode.com added the comment:
Thanks for submitting the patch. Couple of comments.
1. This is a new feature, so the patch should be addressed against 3.x.
2. The patch lacks tests and documentation and hence it is not complete.
You could take a look at http/client.py
Antoine Pitrou pit...@free.fr added the comment:
Antoine - I fail to recollect, but is there any reason for the clients
in the stdlib are not carrying a ca_file and doing a certificate
validation of the server connection?
Well, if you are a security expert you can volunteer to maintain a
Martin v. Löwis mar...@v.loewis.de added the comment:
For 3.x, xmlrpc.client should just pass-through the SSL context. Since the code
to do so will be quite different from the current patch, I'm tempted to close
this issue as rejected, unless Nathanael indicates that he would like to redo
the
Senthil Kumaran sent...@uthcode.com added the comment:
On Sun, Jan 29, 2012 at 10:48:35PM +, Martin v. Löwis wrote:
orsenthil: I don't fully understand your question (what kind of carrying
should the clients do);
By that I mean, sending the ca_file and cert_reqs from the client,
which I
Senthil Kumaran sent...@uthcode.com added the comment:
On Sun, Jan 29, 2012 at 10:30:45PM +, Antoine Pitrou wrote:
Well, if you are a security expert you can volunteer to maintain a
trusted certificates' file in the Python repository :) I think
nobody else amongst us is qualified.
:-)
Martin v. Löwis mar...@v.loewis.de added the comment:
By that I mean, sending the ca_file and cert_reqs from the client,
which I believe would be required if you want to verify the server
certificate from the client end [1]. The other clients send only
the cert_file and the key_file.
Ah,
Senthil Kumaran sent...@uthcode.com added the comment:
I think, I was using wrong terminology, by 'sending' I meant, 'using' the
ca_file in the client to verify Server's certificates.
--
___
Python tracker rep...@bugs.python.org
Changes by Senthil Kumaran sent...@uthcode.com:
--
nosy: +orsenthil
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13856
___
___
Python-bugs-list
New submission from Nathanael Noblet nathanaelnob...@gmail.com:
If I wanted to create a HTTPS connection to a xmlrpc server *and* validate its
certificate, I need to override the HTTPSConnection and SafeTransport objects.
However it seems like they could easily support both methods. At least
15 matches
Mail list logo
