M2Crypto: How to check server certificate?

Discussion in 'Python' started by Hallvard B Furuseth, Jul 6, 2003.

  1. Does anyone know how I check the server certificate with M2Crypto?
    Currently a program I have inherited does this:

    #!/local/bin/python2.2
    import xmlrpclib
    from M2Crypto.m2xmlrpclib import Server, SSL_Transport
    svr = Server('http://my.machine.no:8000',
    SSL_Transport(), encoding='iso8859-1')
    # TODO: check server certificate
    secret = svr.login('myuser', 'mypassword')

    --
    Hallvard
    Hallvard B Furuseth, Jul 6, 2003
    #1
    1. Advertising

  2. According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
    > Does anyone know how I check the server certificate with M2Crypto?
    > Currently a program I have inherited does this:
    >
    > #!/local/bin/python2.2
    > import xmlrpclib
    > from M2Crypto.m2xmlrpclib import Server, SSL_Transport
    > svr = Server('http://my.machine.no:8000',
    > SSL_Transport(), encoding='iso8859-1')
    > # TODO: check server certificate
    > secret = svr.login('myuser', 'mypassword')


    Specify an SSL context:

    from M2Crypto import SSL
    from M2Crypto.m2xmlrpclib import Server, SSL_Transport

    # Server is Zope-2.6.1 on ZServerSSL/0.12.
    ctx = SSL.Context('sslv3')
    ctx.load_cert_chain('client.pem')
    ctx.load_verify_locations('ca.pem')
    ctx.set_verify(SSL.verify_peer, 10)
    zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
    print zs.propertyMap()

    My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
    from a subject DN to a Zope username. The above snippet was written to test
    that.


    --
    Ng Pheng Siong <>

    http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
    http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
    Ng Pheng Siong, Jul 7, 2003
    #2
    1. Advertising

  3. Ng Pheng Siong wrote:
    >According to Hallvard B Furuseth <h.b.furuseth(nospam)@usit.uio(nospam).no>:
    >> Does anyone know how I check the server certificate with M2Crypto?
    >> Currently a program I have inherited does this:

    >
    > Specify an SSL context:


    Thank you.

    > from M2Crypto import SSL
    > from M2Crypto.m2xmlrpclib import Server, SSL_Transport
    >
    > # Server is Zope-2.6.1 on ZServerSSL/0.12.
    > ctx = SSL.Context('sslv3')
    > ctx.load_cert_chain('client.pem')


    I think I can drop that when I have ca.pem...

    > ctx.load_verify_locations('ca.pem')


    Should be load_verify_location.

    Heh. That failed - correctly - because our test CA certificate is
    expired.

    > ctx.set_verify(SSL.verify_peer, 10)


    What does 10 mean? I can see from the function declaration that it is
    depth, but I don't know what depth is.

    --
    Hallvard
    Hallvard B Furuseth, Jul 9, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Fadly Tabrani
    Replies:
    1
    Views:
    477
    Paul Clinch
    Oct 21, 2004
  2. John Nagle
    Replies:
    7
    Views:
    529
    John Nagle
    Jan 13, 2007
  3. Jean-Paul Calderone
    Replies:
    0
    Views:
    353
    Jean-Paul Calderone
    Jan 19, 2007
  4. Helena Cai
    Replies:
    0
    Views:
    394
    Helena Cai
    Aug 29, 2004
  5. Replies:
    0
    Views:
    409
Loading...

Share This Page