
M2Crypto: How to check server certificate?

#1  July 18th, 2005, 01:20 AM
Hallvard B Furuseth

Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:

#!/local/bin/python2.2
import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
svr = Server('http://my.machine.no:8000',
             SSL_Transport(), encoding='iso8859-1')
# TODO: check server certificate
secret = svr.login('myuser', 'mypassword')

--
Hallvard
#2  July 18th, 2005, 01:21 AM
Ng Pheng Siong

According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
> Does anyone know how I check the server certificate with M2Crypto?
> Currently a program I have inherited does this:
>
> #!/local/bin/python2.2
> import xmlrpclib
> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
> svr = Server('http://my.machine.no:8000',
> SSL_Transport(), encoding='iso8859-1')
> # TODO: check server certificate
> secret = svr.login('myuser', 'mypassword')

Specify an SSL context:

from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import Server, SSL_Transport

# Server is Zope-2.6.1 on ZServerSSL/0.12.
ctx = SSL.Context('sslv3')
ctx.load_cert_chain('client.pem')
ctx.load_verify_locations('ca.pem')
ctx.set_verify(SSL.verify_peer, 10)
zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
print zs.propertyMap()

My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
from a subject DN to a Zope username. The above snippet was written to test
that.


--
Ng Pheng Siong <ngps@netmemetic.com>

http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
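
For readers on Python 3, the same server-certificate check can be written with the standard library's `ssl` and `xmlrpc.client` modules in place of M2Crypto. This is an added example, not code from the thread or from M2Crypto: the helper names are hypothetical, the host and `login()` call are taken from the question, and it refuses the `http://` form of URL seen in the question's snippet.

```python
import ssl
import xmlrpc.client
from urllib.parse import urlsplit


def make_verifying_context(cafile=None, client_cert=None):
    """Return a client context that requires a valid, name-matching server cert.

    cafile:      PEM file of the CA to trust (the thread's 'ca.pem'); None means
                 the system trust store.
    client_cert: optional PEM holding client cert + key (the thread's
                 'client.pem'), needed only if the server asks for one.
    """
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # Assumption: the server speaks TLS 1.2+ (replaces the snippet's 'sslv3').
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        ctx.load_cert_chain(client_cert)
    return ctx


def make_proxy(url, ctx, encoding="iso8859-1"):
    """Build an XML-RPC proxy that can only talk over the verifying context."""
    if urlsplit(url).scheme != "https":
        # With a plain http:// URL xmlrpc.client ignores the context entirely,
        # so no TLS and no certificate check would take place.
        raise ValueError("refusing non-https XML-RPC URL: %s" % url)
    return xmlrpc.client.ServerProxy(url, context=ctx, encoding=encoding)


def login(url, user, password, cafile=None):
    """Call the server's login() method; fail closed on a bad certificate."""
    proxy = make_proxy(url, make_verifying_context(cafile))
    try:
        return proxy.login(user, password)
    except ssl.SSLCertVerificationError as exc:
        # verify_message names the reason, e.g. an expired or unknown CA.
        raise SystemExit("server certificate rejected: %s" % exc.verify_message)
```
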
#3  July 18th, 2005, 01:24 AM
Hallvard B Furuseth

Ng Pheng Siong wrote:
>According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
>> Does anyone know how I check the server certificate with M2Crypto?
>> Currently a program I have inherited does this:
>
> Specify an SSL context:

Thank you.

> from M2Crypto import SSL
> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
>
> # Server is Zope-2.6.1 on ZServerSSL/0.12.
> ctx = SSL.Context('sslv3')
> ctx.load_cert_chain('client.pem')

I think I can drop that when I have ca.pem...

> ctx.load_verify_locations('ca.pem')

Should be load_verify_location.

Heh. That failed - correctly - because our test CA certificate is
expired.

> ctx.set_verify(SSL.verify_peer, 10)

What does 10 mean? I can see from the function declaration that it is
depth, but I don't know what depth is.

--
Hallvard