[FRPythoneers] SSL Client Authentication over HTTPS

Rob Riggs rob at pangalactic.org
Thu Feb 28 23:10:23 MST 2002


CRLs are especially important when doing client auth with SSL, since 
that's the only way to disable access to individual cert holders.

But if Joe Average Admin is acting as a CA, it's generally as a "private 
CA" (no external trust) where the only one that has and trusts the CA's 
cert is the CA owner or his/her close associates. So your only 
"responsibility" is to yourself or your organization. So far I've never 
needed a CRL.

Evelyn Mitchell wrote:

>Cool, thanks. 
>
>From what little I know, if you are acting as a CA (Certificate Authority), 
>then you have the responsibility to offer a CRL. It should be checked
>automatically when you present the cert.
>
>efm
>* On 2002-03-01 05:37 Rob Riggs <rob at pangalactic.org> wrote:
>
>>Sure. Since it's the web server that's doing the authentication -- Apache 
>>supports CRLs.
>>
>>Now, I have no idea how to do CRLs with the Python SSL code yet, but we 
>>aren't talking about authenticating in that direction here.
>>
>>Evelyn Mitchell wrote:
>>
>>>Nice module Rob, but I was wondering whether this checks CSRs
>>>(Certificate Revocation Lists).
>>>
>>>
>>>* On 2002-03-01 05:10 Rob Riggs <rob at pangalactic.org> wrote:
>>>
>>>>Just thought I'd point the folks on this list to a new Python Cookbook 
>>>>entry I submitted on doing SSL client authentication with Apache. I 
>>>>decided to do a Python version while we were trying to get this going at 
>>>>work using Java.
>>>>
>>>>You can find the recipe here: 
>>>>http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/117004
>>>>
>>>>It's all of 12 lines of code.
>>>>
>>>>Enjoy.
>>>>
>>>>-Rob
>>>>
>>>>
>>>>
>>>>
>>>>_______________________________________________
>>>>This message sent by the FRPythoneers mailing list.
>>>>Unsubscribe: echo unsubscribe | FRPythoneers-request at lists.community.tummy.com
>>>>URL: http://lists.community.tummy.com/mailman/listinfo/frpythoneers
>>>>
>>
>>
>>
>
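
The Apache side of the setup discussed in this thread, as an added example that is not part of the original messages or of the Cookbook recipe. It shows mod_ssl client authentication against a private CA with the CRL enforced; the host name and file paths are constructed placeholders, and SSLCARevocationCheck assumes httpd 2.4.

```apache
# Added example: host name and paths are constructed placeholders.
<VirtualHost *:443>
    ServerName internal.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/server.crt
    SSLCertificateKeyFile /etc/httpd/tls/server.key

    # Require a client certificate issued directly by the private CA.
    SSLVerifyClient      require
    SSLVerifyDepth       1
    SSLCACertificateFile /etc/httpd/tls/private-ca.crt

    # Without the two directives below, a certificate the CA has revoked
    # is still accepted until it expires.
    SSLCARevocationFile  /etc/httpd/tls/private-ca.crl
    # httpd 2.4 defaults to "none", which ignores the CRL file above.
    # "leaf" checks only the client certificate against the CRL.
    SSLCARevocationCheck leaf
</VirtualHost>
```

Reload httpd after replacing the CRL file so the new revocation list takes effect.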





