467,210 Members | 1,344 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,210 developers. It's quick & easy.

M2Crypto: How to check server certificate?

Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:

#!/local/bin/python2.2
import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
svr = Server('http://my.machine.no:8000',
SSL_Transport(), encoding='iso8859-1')
# TODO: check server certificate
secret = svr.login('myuser', 'mypassword')

--
Hallvard
Jul 18 '05 #1
  • viewed: 5307
Share:
2 Replies
According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:

#!/local/bin/python2.2
import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
svr = Server('http://my.machine.no:8000',
SSL_Transport(), encoding='iso8859-1')
# TODO: check server certificate
secret = svr.login('myuser', 'mypassword')


Specify an SSL context:

from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import Server, SSL_Transport

# Server is Zope-2.6.1 on ZServerSSL/0.12.
ctx = SSL.Context('sslv3')
ctx.load_cert_chain('client.pem')
ctx.load_verify_locations('ca.pem')
ctx.set_verify(SSL.verify_peer, 10)
zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
print zs.propertyMap()

My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
from a subject DN to a Zope username. The above snippet was written to test
that.
--
Ng Pheng Siong <ng**@netmemetic.com>

http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
Jul 18 '05 #2
Ng Pheng Siong wrote:
According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:
Specify an SSL context:


Thank you.
from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import Server, SSL_Transport

# Server is Zope-2.6.1 on ZServerSSL/0.12.
ctx = SSL.Context('sslv3')
ctx.load_cert_chain('client.pem')
I think I can drop that when I have ca.pem...
ctx.load_verify_locations('ca.pem')
Should be load_verify_location.

Heh. That failed - correctly - because our test CA certificate is
expired.
ctx.set_verify(SSL.verify_peer, 10)


What does 10 mean? I can see from the function declaration that it is
depth, but I don't know what depth is.

--
Hallvard
Jul 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Paul Clinch | last post: by
1 post views Thread by Fadly Tabrani | last post: by
reply views Thread by Ola Natvig | last post: by
2 posts views Thread by John Nagle | last post: by
8 posts views Thread by John Nagle | last post: by
2 posts views Thread by reizes@gmail.com | last post: by
reply views Thread by Heikki Toivonen | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.