On Sat, 21 May 2011 12:32:21 +0200 vinay.sajip <python-check...@python.org> wrote: > + if secure: > + import ssl > + fd, fn = tempfile.mkstemp() > + os.close(fd) > + with open(fn, 'w') as f: > + f.write(self.PEMFILE) > + sslctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) > + sslctx.load_cert_chain(fn)
We already bundle a couple of cert files in Lib/test, so you shouldn't have to use your own (see e.g. Lib/test/keycert.pem). > + self.h_hdlr = logging.handlers.HTTPHandler(host, '/frob', > secure=secure) If you want real security, HTTPHandler should configure its SSLContext in CERT_REQUIRED mode (and be given the proper root certificate(s)). Otherwise you are vulnerable to man-in-the-middle attacks. See the "context" and "check_hostname" arguments to HTTPSConnection: http://docs.python.org/dev/library/http.client.html#http.client.HTTPSConnection Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com