Open randomstuff opened 5 years ago
I've just did some quick check, and it seems that it is enough to set verify_mode
to ssl.CERT_OPTIONAL
above this line:
if secure:
sc = ssl.create_default_context(
ssl.Purpose.SERVER_AUTH,
cafile=self.session.cafile,
capath=self.session.capath,
cadata=self.session.cadata)
if 'certfile' in self.config and 'keyfile' in self.config:
sc.load_cert_chain(self.config['certfile'], self.config['keyfile'])
if 'check_hostname' in self.config and isinstance(self.config['check_hostname'], bool):
sc.check_hostname = self.config['check_hostname']
sc.verify_mode = ssl.CERT_NONE
kwargs['ssl'] = sc
Then server will be verified only when cafile
is provided.
But having option in config would make if more verbose...
It'd be nice to have an option to disable certificate verification (
verify_mode=CERT_NONE
): something likeconfig['verify'] = False
?