thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aki Sukegawa <>
Subject Re: Mutual Auth in Python
Date Mon, 25 Jan 2016 16:03:41 GMT
Hi j.barrett,

Thanks for bringing this up.
Your observation is correct.
The patch only enables what is already done in standard library and does
not handle hostname verification.
I don't think it's possible for Python < 2.7.9 without modifying Thrift
It's kind of a bug since it's done for server certs and without this it
only gives false sense of security.
Could you file an issue in our JIRA ?

If you happened to be interested in contributing, I'll definitely check out
your implementation and work for the merge.
Either way, I guess we need it before the next release.

On Sun, Jan 24, 2016 at 9:54 PM j.barrett Strausser <> wrote:

> Does release 0.9.3 support mutual authentication in Python on version
> 2.7.6? By Mutual Auth I mean does the server check that the client has a
> cert that has been signed by the servers PKI (cert,key)?
> Looking at the source it appears that it does not?
> It is supported in 0.9.4? In this commit it appears to have been
> introduced.
> In particular I'm assuming the line below is the relevant test case for
> mutual auth?
> If all the above is the case, does the server side perform hostname
> verification on the client common name?  Any thoughts on how to handle that
> in 2.7.6?
> Thanks,
> -b
> --
> @deepbearrito

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message