Paul Rubin enlightened us with:
> for example, OpenSSL (www.openssl.org) comes with a simple Perl
> script that acts as a rudimentary CA.

I never understood those CA scripts. I mean, creating a new CA
certificate only has to be done once, and is:

    openssl req -new -x509 -key $KEY -out $OUT -days 365 -config $CONF

Signing a certificate request is easier:

    openssl ca -in some.req

Why do people feel the need to wrap that up in some Perl script?

> Note that TLSLite at the moment doesn't know how to authenticate
> certificate chains all by itself without external libraries. I
> didn't look at your code sample closely enough to figure out whether
> you were using OpenSSL or M2Crypto in a way that takes care of that.

TLS Lite can use both, and cryptlib_py too. For proper verification,
you need the latter. My CRL checks also require cryptlib.

Sybren
-- 
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
                                             Frank Zappa
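
For reference, an added example (not part of the original post and not OpenSSL's own script): `openssl ca -in some.req` reads a database file, a serial file and a new-certs directory named in its config. The functions below create that state, then sign and verify one request. All paths, section names and subject names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths, subject names and section names are constructed.

# Create the state `openssl ca` reads: database, serial file, config, CA key/cert.
make_demo_ca() {
    dir=$1
    mkdir -p "$dir/newcerts" || return 1
    : > "$dir/index.txt"       # issued-certificate database, starts empty
    echo 01 > "$dir/serial"    # next serial number (hex)
    cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
policy = policy_cn_only
[ policy_cn_only ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
prompt = no
[ req_dn ]
CN = Demo CA (constructed)
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    # Same command as in the post, with its variables filled in.
    openssl req -new -x509 -key "$dir/ca.key" -out "$dir/ca.crt" \
        -days 365 -config "$dir/ca.cnf"
}

# Make a key and request for a subject CN (stands in for some.req).
make_request() {
    openssl genrsa -out "$1/srv.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$1/srv.key" -subj "/CN=$2" \
        -config "$1/ca.cnf" -out "$1/some.req"
}

# Sign the request (-batch skips the y/n prompts), then verify the chain.
sign_and_verify() {
    openssl ca -batch -notext -config "$1/ca.cnf" \
        -in "$1/some.req" -out "$1/srv.crt" 2>/dev/null || return 1
    openssl verify -CAfile "$1/ca.crt" "$1/srv.crt" >/dev/null
}
# usage: d=$(mktemp -d); make_demo_ca "$d" && make_request "$d" host.example.test && sign_and_verify "$d"
```

After one signing, `serial` holds the next number and `index.txt` has one `V` (valid) row; that row is the record a later `openssl ca -revoke` and CRL generation work from.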