Is it possible to change the behavior of how standard python verifies X509 certificates? The background is that I want to filter, ignore and log some of the X509 certificate validation errors. I would like to apply universally for the Python standard library includes multiple modules that provide HTTP client functionality, including
urllib2 , and
xmlrpclib . Does the python offers a way for user to customize certificate verification behavior? Anyone can point out how to do this or link to any project that is doing that?
As per openssl doc, we can do that
we can customize how certificate verify callback with this
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_cb verify_cb);