From: Emmanuel R. <era...@en...> - 2004-12-19 08:55:53

Hello,

I'm using PyOpenSSL to develop a free software implementation of the Liberty Alliance single sign-on protocol.
http://lasso.entrouvert.org/souk

It works very well, but to improve client authentication, I need to renegotiate the client verify mode after the SSL connection is established.

So, I would like to transpose the following C code into Python:

    SSL_set_verify(ssl,SSL_VERIFY_PEER |
      SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);

    /* Stop the client from just resuming the
       un-authenticated session */
    SSL_set_session_id_context(ssl,
      (void *)&s_server_auth_session_id_context,
      sizeof(s_server_auth_session_id_context));

    SSL_renegotiate(ssl);
    SSL_do_handshake(ssl);
    ssl->state=SSL_ST_ACCEPT;
    SSL_do_handshake(ssl);

[This code fragment is taken from the wserver2.c sample code by Eric Rescorla <http://www.rtfm.com/openssl-examples/>]

But I didn't find in PyOpenSSL a way to:
- call SSL_set_verify
- change ssl->state without using SSL_set_accept_state

Is this a missing feature of PyOpenSSL? Is there another way to implement client authentication renegotiation?

Regards,

Emmanuel Raviart
--
Lasso (Liberty Alliance Single Sign-On) -- http://lasso.entrouvert.org
Entr'ouvert -- www.entrouvert.com