Marc Poulhiès <ma***********@NO-SP4Mepfl.ch> writes:
ng**@netmemetic.com (Ng Pheng Siong) writes:
M2Crypto does server cert verification. With M2Crypto's httpslib, you pass
in an SSL.Context instance to the HTTPSConnection constructor to configure
the SSL; one of the config knobs is cert verification. So, redo your test,
satisfy yourself that this is doable, and send me your code to include as
an example in the distribution. ;-)
Hi again!
So here are a few lines that do the server's CRT check. I still have one
question: see in the code. Both have the exact same description in
the documentation.
Btw, thanks for your answer (this will save me from using Perl!)
Marc
---8<-------8<-------8<-------8<----
#!/usr/bin/env python
import M2Crypto
ctx = M2Crypto.SSL.Context()
## what is the difference between these two??
#ctx.load_verify_info(cafile="/tmp/ca.crt")
ctx.load_verify_locations(cafile="/tmp/ca.crt")
# load client certificate (used to authenticate the client)
ctx.load_cert("/tmp/client.crt")
# stop if peer's certificate can't be verified
ctx.set_allow_unknown_ca(False)
# verify peer's certificate
ctx.set_verify(M2Crypto.SSL.verify_peer, 1)
con = M2Crypto.httpslib.HTTPSConnection("my.ssl.server.domain", ssl_context=ctx)
con.request("GET", "/")
print(con.getresponse().read())
---8<-------8<-------8<-------8<-----
Result here:
$ ./ssl_peer_verif.py
Enter passphrase:
send: 'GET / HTTP/1.1\r\nHost: my.ssl.server.domain:443\r\nAccept-Encoding: identity\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Tue, 01 Feb 2005 08:41:51 GMT
header: Server: Apache/2.0.46 (Red Hat)
header: Last-Modified: Mon, 31 Jan 2005 14:50:50 GMT
header: ETag: "4297-13-24658680"
header: Accept-Ranges: bytes
header: Content-Length: 19
header: Connection: close
header: Content-Type: text/html; charset=UTF-8
THIS IS WORKING =)