M2Crypto: How to check server certificate?

Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:

    #!/local/bin/python2.2
    import xmlrpclib
    from M2Crypto.m2xmlrpclib import Server, SSL_Transport
    svr = Server('http://my.machine.no:8000',
                 SSL_Transport(), encoding='iso8859-1')
    # TODO: check server certificate
    secret = svr.login('myuser', 'mypassword')

--
Hallvard
Jul 18 '05 #1
According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
> Does anyone know how I check the server certificate with M2Crypto?
> Currently a program I have inherited does this:
>
> #!/local/bin/python2.2
> import xmlrpclib
> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
> svr = Server('http://my.machine.no:8000',
>              SSL_Transport(), encoding='iso8859-1')
> # TODO: check server certificate
> secret = svr.login('myuser', 'mypassword')


Specify an SSL context:

    from M2Crypto import SSL
    from M2Crypto.m2xmlrpclib import Server, SSL_Transport

    # Server is Zope-2.6.1 on ZServerSSL/0.12.
    ctx = SSL.Context('sslv3')
    ctx.load_cert_chain('client.pem')
    ctx.load_verify_locations('ca.pem')
    ctx.set_verify(SSL.verify_peer, 10)
    zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
    print zs.propertyMap()

My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
from a subject DN to a Zope username. The above snippet was written to test
that.
--
Ng Pheng Siong <ng**@netmemetic.com>

http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
Jul 18 '05 #2
Ng Pheng Siong wrote:
> According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
>> Does anyone know how I check the server certificate with M2Crypto?
>> Currently a program I have inherited does this:
>
> Specify an SSL context:

Thank you.

> from M2Crypto import SSL
> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
>
> # Server is Zope-2.6.1 on ZServerSSL/0.12.
> ctx = SSL.Context('sslv3')
> ctx.load_cert_chain('client.pem')

I think I can drop that when I have ca.pem...

> ctx.load_verify_locations('ca.pem')

Should be load_verify_location.

Heh. That failed - correctly - because our test CA certificate is
expired.

> ctx.set_verify(SSL.verify_peer, 10)

What does 10 mean? I can see from the function declaration that it is
depth, but I don't know what depth is.

--
Hallvard
Jul 18 '05 #3
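
For readers on Python 3, where xmlrpclib has become xmlrpc.client, the same server-certificate check can be written with the standard library's ssl module instead of M2Crypto. This is an added example, not code from the thread or from the M2Crypto project; the function names are hypothetical, and `login` and `ca.pem` are simply reused from the posts above.

```python
import ssl
import xmlrpc.client
from urllib.parse import urlsplit


def build_verifying_context(cafile=None):
    """Client-side TLS context that rejects servers it cannot verify."""
    # cafile=None trusts the system CA store; pass e.g. 'ca.pem' (the file
    # name used in the thread) to trust only a private CA.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # Both are already the defaults; set explicitly so the intent is visible.
    ctx.check_hostname = True            # certificate must name the host
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain must lead to a trusted CA
    return ctx


def verified_server(url, cafile=None, encoding="iso8859-1"):
    """Build an XML-RPC proxy that only ever talks verified HTTPS."""
    parts = urlsplit(url)
    # xmlrpc.client uses a plain-text transport for http:// URLs and never
    # consults the context, so refuse them instead of skipping the check.
    if parts.scheme != "https":
        raise ValueError("refusing non-HTTPS XML-RPC endpoint: %r" % url)
    if not parts.hostname:
        raise ValueError("URL has no host name to verify: %r" % url)
    ctx = build_verifying_context(cafile=cafile)
    return xmlrpc.client.ServerProxy(url, encoding=encoding, context=ctx)


def login(url, user, password, cafile=None):
    """Call the remote login() method; fail loudly on a bad certificate."""
    svr = verified_server(url, cafile=cafile)
    try:
        return svr.login(user, password)
    except ssl.SSLCertVerificationError as exc:
        # Raised for an untrusted issuer, a host name mismatch, or an
        # expired certificate anywhere in the chain.
        raise RuntimeError(
            "server certificate rejected: %s" % exc.verify_message) from exc
```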
