M2Crypto: How to check server certificate?

Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:

#!/local/bin/python2.2
import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
svr = Server('http://my.machine.no:8000',
             SSL_Transport(), encoding='iso8859-1')
# TODO: check server certificate
secret = svr.login('myuser', 'mypassword')

--
Hallvard
Jul 18 '05 #1
According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
> Does anyone know how I check the server certificate with M2Crypto?
> Currently a program I have inherited does this:
>
> #!/local/bin/python2.2
> import xmlrpclib
> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
> svr = Server('http://my.machine.no:8000',
>              SSL_Transport(), encoding='iso8859-1')
> # TODO: check server certificate
> secret = svr.login('myuser', 'mypassword')

Specify an SSL context:

from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import Server, SSL_Transport

# Server is Zope-2.6.1 on ZServerSSL/0.12.
ctx = SSL.Context('sslv3')
ctx.load_cert_chain('client.pem')
ctx.load_verify_locations('ca.pem')
ctx.set_verify(SSL.verify_peer, 10)
zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
print zs.propertyMap()

My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
from a subject DN to a Zope username. The above snippet was written to test
that.
--
Ng Pheng Siong <ng**@netmemetic.com>

http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
Jul 18 '05 #2
Ng Pheng Siong wrote:
> According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
>> Does anyone know how I check the server certificate with M2Crypto?
>> Currently a program I have inherited does this:
>
> Specify an SSL context:

Thank you.

> from M2Crypto import SSL
> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
>
> # Server is Zope-2.6.1 on ZServerSSL/0.12.
> ctx = SSL.Context('sslv3')
> ctx.load_cert_chain('client.pem')

I think I can drop that when I have ca.pem...

> ctx.load_verify_locations('ca.pem')

Should be load_verify_location.

Heh. That failed - correctly - because our test CA certificate is
expired.

> ctx.set_verify(SSL.verify_peer, 10)

What does 10 mean? I can see from the function declaration that it is
depth, but I don't know what depth is.

--
Hallvard
Jul 18 '05 #3
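
Added example (not code from the thread or from M2Crypto itself) for the closing question: the depth argument of set_verify is handed to OpenSSL as the maximum certificate-chain depth, where depth 0 is the server's own certificate and each issuing CA is one level up. VERIFY_ERRORS, make_verify_callback, build_context, FakeStore and demo are hypothetical names, and the two-argument callback form callback(ok, store) is assumed.

```python
# Added example; assumes M2Crypto's two-argument verify callback, callback(ok, store).
VERIFY_ERRORS = {  # OpenSSL X509_V_ERR_* numbers for common chain failures
    10: "certificate has expired",
    19: "self-signed certificate in chain",
    20: "issuer not found in the CA file",
    22: "chain longer than the verify depth",
}

def make_verify_callback(failures):
    """Return a verify callback that records failures without overriding them."""
    def callback(ok, store):
        if not ok:
            err = store.get_error()
            # Depth 0 is the server's own certificate, 1 its issuer, and so on.
            failures.append((store.get_error_depth(),
                             VERIFY_ERRORS.get(err, "verify error %d" % err)))
        return ok  # never turn a failed check into a pass
    return callback

def build_context(cafile, failures, depth=10):
    """Client context that rejects servers whose chain does not verify."""
    from M2Crypto import SSL  # lazy import: the callback itself needs no M2Crypto
    ctx = SSL.Context()  # library default protocol, not the thread's 'sslv3'
    if ctx.load_verify_locations(cafile) != 1:
        raise ValueError("no CA certificates loaded from %r" % cafile)
    mode = SSL.verify_peer | SSL.verify_fail_if_no_peer_cert
    ctx.set_verify(mode, depth, make_verify_callback(failures))
    return ctx

class FakeStore(object):
    """Constructed stand-in for M2Crypto's X509_Store_Context."""
    def __init__(self, err, depth):
        self._err, self._depth = err, depth
    def get_error(self):
        return self._err
    def get_error_depth(self):
        return self._depth

def demo():
    """Feed the callback constructed results; no network or M2Crypto needed."""
    failures = []
    cb = make_verify_callback(failures)
    results = [cb(1, FakeStore(0, 1)),   # issuer verified
               cb(0, FakeStore(10, 1)),  # expired CA, as reported in the thread
               cb(0, FakeStore(22, 3))]  # chain deeper than the depth limit
    return results, failures
```

The context returned by build_context('ca.pem', failures) can be passed to SSL_Transport in place of ctx in the reply above; after a failed handshake, failures shows which certificate in the chain was rejected and why.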
