Thread: [pyOpenSSL] Missing API for client authentication renegotiation

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello,

I'm using PyOpenSSL to develop a free software implementation of Liberty 
Alliance single sign-on protocol.
	http://lasso.entrouvert.org/souk

It works very well, but to improve client authentication, I need to 
renegotiate client verify mode after the SSL connection is established.

So, I would like to transpose the following C code into Python:
  	SSL_set_verify(ssl,SSL_VERIFY_PEER |
		SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);

	/* Stop the client from just resuming the
	   un-authenticated session */
	SSL_set_session_id_context(ssl,
		(void *)&s_server_auth_session_id_context,
         	sizeof(s_server_auth_session_id_context));

	SSL_renegotiate(ssl);
	SSL_do_handshake(ssl);
	ssl->state=SSL_ST_ACCEPT;
	SSL_do_handshake(ssl);

[This code fragment is taken from wserver2.c sample code by Eric 
Rescoria <http://www.rtfm.com/openssl-examples/>]

But I didn't find in PyOpenSSL a way to:
	- call SSL_set_verify
	- change ssl->state without using SSL_set_accept_state

Is this a missing feature of PyOpenSSL? Is there another way to 
implement client authentication renegotiation?

Regards,

Emmanuel Raviart

-- 
Lasso (Liberty Alliance Single Sign-On) -- http://lasso.entrouvert.org
Entr'ouvert -- www.entrouvert.com

Thread: [pyOpenSSL] Missing API for client authentication renegotiation

pyopenssl-list