SSL under python 2.6 is soooooo close, but ...

[GoogleCodeExporter]

1. ssl.wrap_socket() throw ssl.SSLError exceptions which are derived from
socket.error. What this means is if you do something stupid like get a key
file or crt file name wrong, like I did, the exception is quietly ignored.

to figure this out in HTTPSConnectionWithTimeout.connect I did:

try:
  ## following assumes 2.6 and is hacked
  self.sock =_ssl_wrap_socket(sock, self.key_file, self.cert_file,    
      cert_reqs=ssl.CERT_REQUIRED, ca_certs='test.crt')
except ssl.SSLError:
   import traceback
   traceback.print_exc()

without this, at the actual request of the url, much later in time,
self.sock is None. Of course with this you still need to google the very
cryptic exception string to figure what you did wrong. :-)

2. being able to set cert_reqs param to something not the default is
required to actually get verification of the server, also setting the
ca_certs param.

no way to pass those in with current api, but in a web services scenario,
validating with self-signed root certificate would otherwise be straight
forward. 

This was tested with apache 2.2 as the server using mod_ssl.

-chrish

Original issue reported on code.google.com by chrish61...@gmail.com on 11 Mar 2010 at 10:17

[GoogleCodeExporter]

Do you have a patch for this that gets it all correct?

Original comment by joe.gregorio@gmail.com on 14 May 2010 at 3:29

[GoogleCodeExporter]

Original comment by joe.gregorio@gmail.com on 14 Feb 2011 at 4:04

• Changed state: Accepted

[GoogleCodeExporter]

Cert checking has been added in head.

Original comment by joe.gregorio@gmail.com on 13 Jun 2011 at 5:52

• Changed state: Fixed