New submission from raymontag:
Hello,
I would like to see an implementation for SSL/TLS pinning in the ssl module of
the standard library.
At this moment it's only possible to give the client a CAcert and check if the
server's certificate is signed with this CA by creating an ssl.Context object
with ssl.Context("/path/to/cafile"). If I don't know the server's certificate,
that is I just have the root certificate, this is okay. But if I implement my
own server/client structure I know the server's certificate. And here comes
pinning into play: If I know the server's certificate I could not only check if
it's signed with my CA but also if it is the specific certificate I've signed.
This is a better protection against MITM e.g. and would be a great enhancement
of the ssl module IMHO.
raymontag
----------
messages: 195130
nosy: raymontag
priority: normal
severity: normal
status: open
title: SSL/TLS pinning for the ssl module
type: enhancement
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue18735>
_______________________________________
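
The check requested above, sketched with the existing ssl API as an added example (not code from the tracker message or from CPython): CA and hostname validation stay on, and the connection is additionally rejected unless the server's certificate hashes to a pinned SHA-256 fingerprint. The function names, the pin format and SAMPLE_DER are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x0aconstructed-example-certificate-bytes"


def fingerprint(der_cert):
    """SHA-256 over the DER encoding of the whole certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_from_pem(pem_cert):
    """Derive the pin from the PEM certificate that was issued to the server."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem_cert))


def is_pinned(der_cert, pins):
    """True if the presented certificate matches one of the pinned fingerprints.

    A missing or empty certificate never matches (fail closed). Accepting
    several pins lets a replacement certificate be rolled out before the old
    one expires.
    """
    if not der_cert:
        return False
    actual = fingerprint(der_cert)
    wanted = [p.replace(":", "").lower() for p in pins]
    return any(hmac.compare_digest(actual, p) for p in wanted)


def connect_pinned(host, port, cafile, pins, timeout=10.0):
    """Connect with normal CA and hostname validation, then enforce the pin."""
    ctx = ssl.create_default_context(cafile=cafile)  # trust only this CA file
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    if not is_pinned(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("server certificate does not match a pinned fingerprint")
    return tls
```

The pin is compared after the handshake completes and before the caller can send any application data on the returned socket.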