T
Tim H.
I have a weird quirk with the M2Crypto module and I hope someone would be able to point me in the right direction. I am working with a colleague to develop an internal tool to check SSL certificates on a list of IPv4 addresses obtained via stdin.
We are using M2Crypto to help with validating the certificates. If we onlyhave it check one IPv4 address, it is able to provide us with the correct certificate and we are able to do our validation checks on the information that the SSL certificate contains.
However, if we try to check multiple IPv4 addresses we receive the "M2Crypto.SSL.Checker.NoCertificate". There are some cases where we should be receiving this. However, regardless of what the second or third IPv4 address is (even if it tested good as the first one), it will fail.
Context creation:
global context
context = M2Crypto.SSL.Context()
if sys.platform.startswith('linux'):
context.load_verify_info(capath="/etc/ssl/certs/") #Linux with real open SSL installed
elif sys.platform.startswith('darwin'):
context.load_verify_info(cafile=certfile)
else:
print "Unknown platform, bail!"
exit(1)
context.set_allow_unknown_ca(True)
context.set_verify(M2Crypto.SSL.verify_none,9)
Socket creation:
conn = M2Crypto.SSL.Connection(context)
socket.setdefaulttimeout(2.0)
conn.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=2))
conn.set_socket_write_timeout(M2Crypto.SSL.timeout(sec=2))
try:
conn.connect((ip,443))
The above two portions of code exist in their own functions. The latter block gets called as part of the loop over the array of addresses. The IP ispassed from the caller.
Thank you in advance!
-Tim
We are using M2Crypto to help with validating the certificates. If we onlyhave it check one IPv4 address, it is able to provide us with the correct certificate and we are able to do our validation checks on the information that the SSL certificate contains.
However, if we try to check multiple IPv4 addresses we receive the "M2Crypto.SSL.Checker.NoCertificate". There are some cases where we should be receiving this. However, regardless of what the second or third IPv4 address is (even if it tested good as the first one), it will fail.
Context creation:
global context
context = M2Crypto.SSL.Context()
if sys.platform.startswith('linux'):
context.load_verify_info(capath="/etc/ssl/certs/") #Linux with real open SSL installed
elif sys.platform.startswith('darwin'):
context.load_verify_info(cafile=certfile)
else:
print "Unknown platform, bail!"
exit(1)
context.set_allow_unknown_ca(True)
context.set_verify(M2Crypto.SSL.verify_none,9)
Socket creation:
conn = M2Crypto.SSL.Connection(context)
socket.setdefaulttimeout(2.0)
conn.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=2))
conn.set_socket_write_timeout(M2Crypto.SSL.timeout(sec=2))
try:
conn.connect((ip,443))
The above two portions of code exist in their own functions. The latter block gets called as part of the loop over the array of addresses. The IP ispassed from the caller.
Thank you in advance!
-Tim