authorRob Austein <sra@hactrn.net>2008-03-31 20:48:55 +0000
committerRob Austein <sra@hactrn.net>2008-03-31 20:48:55 +0000
commit6d93e45f525f4e7670a0146df1a2bc27d61cb955 (patch)
tree9a82b9cabdd9310cdc844c35fcbf6129744c642a
parent01bf5f388b56c379a977a6870bed0857809e6471 (diff)
Note location for client trust anchor hook.
svn path=/rpkid/rpki/https.py; revision=1570
-rw-r--r--rpkid/rpki/https.py9
1 files changed, 7 insertions, 2 deletions
diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py
index fe36cfc9..f84d6598 100644
--- a/rpkid/rpki/https.py
+++ b/rpkid/rpki/https.py
@@ -134,10 +134,15 @@ class httpServer(tlslite.api.TLSSocketServerMixIn, BaseHTTPServer.HTTPServer):
return False
class Checker(tlslite.api.Checker):
- """Derived class to add a logging wrapper."""
+ """Derived class to handle X.509 client certificate checking."""
def __call__(self, tlsConnection):
- """Wrap some logging code around standard tlslite checker."""
+ """Wrap some logging code around standard tlslite.Checker class.
+
+ This is probably also the place where we need to figure out which
+ trust anchor to use, since this is the first point at which we
+ have access to the certificate chain provided by the client.
+ """
for i in range(tlsConnection.session.clientCertChain.getNumCerts()):
rpki.log.debug("Received client cert[%d] %s" % (i, tlsConnection.session.clientCertChain.x509List[i].getCommonName()))
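Review bot: The new class docstring on `Checker` says it handles X.509 client certificate checking, but the lines of `__call__` visible here only log the common name of each certificate in the client's chain, and the method docstring itself says the trust anchor choice still has to be worked out. I would state that gap as an explicit, searchable marker instead of "probably", for example `TODO: choose the trust anchor for this client here, before the chain is accepted.` It is also worth a short comment that the common name written by `rpki.log.debug` comes from a chain that, as far as this hunk shows, has not yet been checked against any trust anchor, so it should be treated as untrusted text in the log. The body of `__call__` appears to continue past the hunk, so the call into the base `tlslite.api.Checker` is not visible here.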