> The simplest way to do verification is to allow the application to > provide a set of root certs that it would like to verify against, and > use the built-in OpenSSL verification procedure.
That's good. I don't recall whether you planned for this, however, it would then be necessary to find out who the authenticated user is, to do authorization. Getting that as a pair (client dn, issuer dn) is the interface that springs to mind first. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com