New submission from Kevin Chen: When a Python HTTPS server requests client certificates, it should send a CA list so the client knows which certificates are acceptable.
It looks like right now Python calls SSL_CTX_load_verify_locations, so once the client certificate is sent, Python can verify whether the client against the specify CAs. However, it looks like Python should also call SSL_CTX_set_client_CA_list so the client knows which certificates to send. ---------- assignee: christian.heimes components: SSL messages: 280620 nosy: christian.heimes, kchen priority: normal severity: normal status: open title: SSL server requesting client certificates should send CA list type: behavior _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28671> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com