[EMAIL PROTECTED] wrote:
> Folks,
> Now that Brad has integrated pyOpenSSL support, I have a change that
> takes advantage of the new code to double-check client certificates.
>
> The following small fix causes the client to check the expiration date
> on the installed certificate that it would send to a server, and report
> an error if it has expired. We'll warn the client too, if the
> certificate is getting close to expiration.
>
> Webrev lives here:
>
> http://cr.opensolaris.org/~johansen/webrev-2951/

That all looks reasonable to me. I haven't used the pyOpenSSL interfaces before, but based on my OpenSSL C knowledge this looks correct.

The only comment I have is that I'm surprised at the number of places you have to add the 'if not check_cert_validity(img):'; it might be better to put these checks closer to the SSL transport connection code, say in 'get_ssl_credentials()'. The reason being that in the future there could be other remote transports that don't use certificates or don't use them in the same way.

--
Darren J Moffat
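
An added sketch of the layout suggested in the reply above, with the expiry check done once inside the credential lookup (this is not the code from the webrev). The signatures of `check_cert_validity` and `get_ssl_credentials`, the `CertExpiredError` class and the 30-day warning window are assumptions; the notAfter value is passed in as the bytes that pyOpenSSL's `X509.get_notAfter()` returns, so the block runs without pyOpenSSL installed.

```python
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=30)  # assumed threshold; the thread does not give one


class CertExpiredError(Exception):
    """Raised when the client certificate is past its notAfter date."""


def parse_not_after(raw):
    """Parse the ASN.1 time bytes returned by pyOpenSSL's X509.get_notAfter().

    Handles 'YYYYMMDDhhmmssZ' and the '+hhmm' / '-hhmm' offset forms.
    """
    text = raw.decode("ascii")
    if text.endswith("Z"):
        return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return datetime.strptime(text, "%Y%m%d%H%M%S%z")


def check_cert_validity(not_after_raw, now=None, warn=WARN_WINDOW):
    """Return (status, time_left); status is 'ok', 'expiring' or 'expired'."""
    now = now or datetime.now(timezone.utc)
    left = parse_not_after(not_after_raw) - now
    if left <= timedelta(0):
        return "expired", left
    if left <= warn:
        return "expiring", left
    return "ok", left


def get_ssl_credentials(cert_path, key_path, not_after_raw, now=None, log=print):
    """Hypothetical single choke point: SSL transports fetch credentials here,
    so the expiry check runs once and non-certificate transports never hit it.
    In real use not_after_raw would come from
    OpenSSL.crypto.load_certificate(FILETYPE_PEM, pem).get_notAfter()."""
    status, left = check_cert_validity(not_after_raw, now)
    if status == "expired":
        raise CertExpiredError("%s expired %d day(s) ago" % (cert_path, (-left).days))
    if status == "expiring":
        log("warning: %s expires in %d day(s)" % (cert_path, left.days))
    return cert_path, key_path
```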
