
M2Crypto: How to check server certificate?

  #1  
Old July 18th, 2005, 12:20 AM
Hallvard B Furuseth

Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:

#!/local/bin/python2.2
import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
svr = Server('http://my.machine.no:8000',
             SSL_Transport(), encoding='iso8859-1')
# TODO: check server certificate
secret = svr.login('myuser', 'mypassword')

--
Hallvard

  #2  
Old July 18th, 2005, 12:21 AM
Ng Pheng Siong

According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
> Does anyone know how I check the server certificate with M2Crypto?
> Currently a program I have inherited does this:
>
> #!/local/bin/python2.2
> import xmlrpclib
> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
> svr = Server('http://my.machine.no:8000',
>              SSL_Transport(), encoding='iso8859-1')
> # TODO: check server certificate
> secret = svr.login('myuser', 'mypassword')

Specify an SSL context:

from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import Server, SSL_Transport

# Server is Zope-2.6.1 on ZServerSSL/0.12.
ctx = SSL.Context('sslv3')
ctx.load_cert_chain('client.pem')
ctx.load_verify_locations('ca.pem')
ctx.set_verify(SSL.verify_peer, 10)
zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
print zs.propertyMap()

My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
from a subject DN to a Zope username. The above snippet was written to test
that.


--
Ng Pheng Siong <ngps@netmemetic.com>

http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
  #3  
Old July 18th, 2005, 12:24 AM
Hallvard B Furuseth

Ng Pheng Siong wrote:
>According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
>> Does anyone know how I check the server certificate with M2Crypto?
>> Currently a program I have inherited does this:
>
> Specify an SSL context:

Thank you.

> from M2Crypto import SSL
> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
>
> # Server is Zope-2.6.1 on ZServerSSL/0.12.
> ctx = SSL.Context('sslv3')
> ctx.load_cert_chain('client.pem')

I think I can drop that when I have ca.pem...

> ctx.load_verify_locations('ca.pem')

Should be load_verify_location.

Heh. That failed - correctly - because our test CA certificate is
expired.

> ctx.set_verify(SSL.verify_peer, 10)

What does 10 mean? I can see from the function declaration that it is
depth, but I don't know what depth is.

--
Hallvard
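
The same check written against the Python 3 standard library (`ssl` and `xmlrpc.client`) rather than M2Crypto, as an added example that is not part of the thread or of M2Crypto. The helper names `verifying_context`, `audit` and `verified_server` are hypothetical; `ca.pem` and the URL are the thread's own placeholders.

```python
import ssl
import xmlrpc.client
from urllib.parse import urlsplit


def verifying_context(cafile=None):
    """Client context that rejects unverified or misnamed server certificates."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and host name checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # floor well above 'sslv3'
    if cafile is None:
        ctx.load_default_certs()  # system trust store
    else:
        ctx.load_verify_locations(cafile=cafile)  # raises if missing or unparsable
    return ctx


def audit(ctx):
    """Return the reasons a context would accept a server it should not."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified")
    if not ctx.check_hostname:
        findings.append("host name not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol below TLS 1.2 allowed")
    return findings


def verified_server(url, cafile=None, **kwargs):
    """XML-RPC proxy that refuses to be built without certificate checking."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-https URL: %r" % url)
    ctx = verifying_context(cafile)
    problems = audit(ctx)
    if problems:
        raise RuntimeError("context is not verifying: %s" % problems)
    # No connection is made here; the handshake happens on the first call.
    return xmlrpc.client.ServerProxy(url, context=ctx, **kwargs)


if __name__ == "__main__":
    # Constructed usage: 'ca.pem' and the URL are placeholders from the thread.
    svr = verified_server("https://127.0.0.1:9443/", cafile="ca.pem")
    print(svr.propertyMap())
```

A certificate that fails verification, such as one issued under an expired CA, surfaces as `ssl.SSLCertVerificationError` on the first remote call.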
 
