Marc Poulhiès <ma***********@ NO-SP4Mepfl.ch> writes:
ng**@netmemetic .com (Ng Pheng Siong) writes:
M2Crypto does server cert verification. With M2Crypto's httpslib, you pass
in an SSL.Context instance to the HTTPSConnection constructor to configure
the SSL; one of the config knobs is cert verification. So, redo your test,
satisfy yourself that this is doable, and send me your code to include as
an example in the distribution. ;-)
Hi again!
So here are a few lines that do the server's CRT check. I still have one
question: see in the code. Both have the exact same description in
the documentation.
Btw, thanks for your answer (this will save me from using Perl!)
Marc
---8<-------8<-------8<-------8<----
#!/usr/bin/env python
import M2Crypto
ctx = M2Crypto.SSL.Context()
## what is the difference between these two?
#ctx.load_verify_info(cafile="/tmp/ca.crt")
ctx.load_verify_locations(cafile="/tmp/ca.crt")
# load client certificate (used to authenticate the client)
ctx.load_cert("/tmp/client.crt")
# stop if peer's certificate can't be verified
ctx.set_allow_unknown_ca(False)
# verify peer's certificate
ctx.set_verify(M2Crypto.SSL.verify_peer, 1)
con = M2Crypto.httpslib.HTTPSConnection("my.ssl.server.domain", ssl_context=ctx)
con.request("GET", "/")
print(con.getresponse().read())
---8<-------8<-------8<-------8<-----
Result here:
$ ./ssl_peer_verif.py
Enter passphrase:
send: 'GET / HTTP/1.1\r\nHost: my.ssl.server.domain:443\r\nAccept-Encoding: identity\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Tue, 01 Feb 2005 08:41:51 GMT
header: Server: Apache/2.0.46 (Red Hat)
header: Last-Modified: Mon, 31 Jan 2005 14:50:50 GMT
header: ETag: "4297-13-24658680"
header: Accept-Ranges: bytes
header: Content-Length: 19
header: Connection: close
header: Content-Type: text/html; charset=UTF-8
THIS IS WORKING =)