Closed mprt closed 5 years ago
Just returning None
or the empty string should suffice.
See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_psk_client_callback.html
Ah, I overlooked the most obvious solutions.
Empty String works fine.
When using None
, the server raises a SystemError instead of the expected SSLError, but that's also perfectly fine for my case.
Thanks for the quick reply and for the hint to the important parts of the documentation!
Glad that worked!
I'm trying to properly refuse a connection when the client_identity is not in the list.
For now, I'm generating a random psk as workaround and catch the SSLError that is raised on a PSK mismatch:
Is there a more elegant solution?