aioopenssl

Verify Peer Cert

Open delfick opened this issue 6 years ago • 2 comments

Hello,

When I start a server using some random self-signed cert and then I use SSL.VERIFY_PEER on the ssl context I give to create_starttls_connection, should it complain if I haven't told it about my cert?

For example, https://gist.github.com/delfick/2b3b1faafe68428a67394fd66c591ca4

I expect this to not be able to successfully create a connection to my server, which is the behaviour I see when I use asyncio/ssl https://gist.github.com/delfick/09426ea00c614fd1d9504afecb075323

delfick, May 12 '19 04:05

This should fail, I’m not sure what you’re doing wrong. I’ve certainly seen enough people complaining about verification failures in aioxmpp to be pretty certain of that.

Can you write a unittest to reproduce this behaviour?

Also, somehow the notification for your issue got lost, sorry for the extremely late reply.

horazont, Mar 22 '20 09:03

I'm not sure what would be the best way to turn the two gists above into unit tests.

> Also, somehow the notification for your issue got lost, sorry for the extremely late reply.

hehehe, that's alright :)

delfick, Mar 22 '20 11:03
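One shape a unit test for the expectation discussed in this thread could take, as an added example that is not from the issue, the gists, or the aioopenssl project: it runs an in-memory pyOpenSSL handshake and checks that a client context using SSL.VERIFY_PEER rejects a self-signed server certificate unless that certificate is in its trust store. It assumes pyOpenSSL is installed and exercises pyOpenSSL directly rather than aioopenssl's transport; `make_self_signed` and `handshake_ok` are hypothetical helper names.

```python
# Added example: not code from the issue, the gists, or aioopenssl.
from OpenSSL import SSL, crypto


def make_self_signed(cn="localhost"):
    """Constructed throwaway key and self-signed certificate (sample data)."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.get_subject().CN = cn
    cert.set_issuer(cert.get_subject())
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.set_pubkey(key)
    cert.sign(key, "sha256")
    return key, cert


def handshake_ok(key, cert, trust_cert):
    """Run a TLS handshake over memory BIOs; True if the client accepts the cert."""
    server_ctx = SSL.Context(SSL.TLS_METHOD)
    server_ctx.use_privatekey(key)
    server_ctx.use_certificate(cert)
    client_ctx = SSL.Context(SSL.TLS_METHOD)
    # Pass OpenSSL's own verdict through; always returning True would accept any cert.
    client_ctx.set_verify(SSL.VERIFY_PEER, lambda conn, c, errno, depth, ok: bool(ok))
    if trust_cert:
        client_ctx.get_cert_store().add_cert(cert)
    client = SSL.Connection(client_ctx, None)
    server = SSL.Connection(server_ctx, None)
    client.set_connect_state()
    server.set_accept_state()
    done = set()
    for _ in range(10):  # a handshake needs only a few round trips
        for conn, peer in ((client, server), (server, client)):
            try:
                conn.do_handshake()
                done.add(id(conn))
            except SSL.WantReadError:
                pass  # waiting for the peer's next flight
            except SSL.Error:
                return False  # e.g. certificate verify failed
            try:
                peer.bio_write(conn.bio_read(65536))
            except SSL.WantReadError:
                pass  # nothing to send right now
        if len(done) == 2:
            return True
    return False
```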