According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
> Does anyone know how I check the server certificate with M2Crypto?
> Currently a program I have inherited does this:
>
>     #!/local/bin/python2.2
>     import xmlrpclib
>     from M2Crypto.m2xmlrpclib import Server, SSL_Transport
>     svr = Server('http://my.machine.no:8000',
>                  SSL_Transport(), encoding='iso8859-1')
>     # TODO: check server certificate
>     secret = svr.login('myuser', 'mypassword')

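Specify an SSL context:

    from M2Crypto import SSL
    from M2Crypto.m2xmlrpclib import Server, SSL_Transport
    # Server is Zope-2.6.1 on ZServerSSL/0.12.
    ctx = SSL.Context('sslv3')
    # Client certificate (and key) presented to the server.
    ctx.load_cert_chain('client.pem')
    # CA certificate(s) the server certificate is checked against.
    ctx.load_verify_locations('ca.pem')
    # Verify the peer certificate, with a chain depth limit of 10.
    ctx.set_verify(SSL.verify_peer, 10)
    zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
    print zs.propertyMap()
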
My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
from a subject DN to a Zope username. The above snippet was written to test
that.
--
Ng Pheng Siong <ng**@netmemetic.com>
http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
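
A present-day counterpart to the context setup in the reply above, as an added example that is not part of the original post and is not M2Crypto code: it uses Python 3's standard ssl and xmlrpc.client modules instead. The function names and the example.invalid URL are assumptions made for illustration; cafile=None falls back to the system trust store.

```python
import ssl
import xmlrpc.client
from urllib.parse import urlsplit


def make_verifying_context(cafile=None, client_cert=None):
    """Build a client-side TLS context that verifies the server certificate."""
    # create_default_context() enables CERT_REQUIRED and hostname checking;
    # cafile plays the role of load_verify_locations('ca.pem') in the reply.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        # Optional client certificate: PEM file holding chain and private key.
        ctx.load_cert_chain(client_cert)
    return ctx


def make_server(url, ctx):
    """Return an XML-RPC proxy only if the server will really be verified."""
    # ServerProxy applies `context` to https:// URLs only; for http:// it
    # silently picks a plain-text transport and the context is never used.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS XML-RPC endpoint: %r" % url)
    # Reject a context that someone has weakened after creation.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise ValueError("TLS context does not verify the server certificate")
    return xmlrpc.client.ServerProxy(url, context=ctx)


if __name__ == "__main__":
    # Constructed endpoint; no connection is made until a method is called.
    server = make_server("https://rpc.example.invalid:9443/",
                         make_verifying_context())
    print("proxy ready:", type(server).__name__)
```

A failed check surfaces as ssl.SSLCertVerificationError on the first remote call, before any credentials are sent.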