M2Crypto: How to check server certificate?

Discussion in 'Python' started by Hallvard B Furuseth, Jul 6, 2003.

  1. Does anyone know how I check the server certificate with M2Crypto?
    Currently a program I have inherited does this:

    #!/local/bin/python2.2
    import xmlrpclib
    from M2Crypto.m2xmlrpclib import Server, SSL_Transport
    svr = Server('http://my.machine.no:8000',
                 SSL_Transport(), encoding='iso8859-1')
    # TODO: check server certificate
    secret = svr.login('myuser', 'mypassword')
     
    Hallvard B Furuseth, Jul 6, 2003
    #1

  2. Specify an SSL context:

    from M2Crypto import SSL
    from M2Crypto.m2xmlrpclib import Server, SSL_Transport

    # Server is Zope-2.6.1 on ZServerSSL/0.12.
    ctx = SSL.Context('sslv3')
    ctx.load_cert_chain('client.pem')
    ctx.load_verify_locations('ca.pem')
    ctx.set_verify(SSL.verify_peer, 10)
    zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
    print zs.propertyMap()

    My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
    from a subject DN to a Zope username. The above snippet was written to test
    that.
     
    Ng Pheng Siong, Jul 7, 2003
    #2

  3. Thank you.
    I think I can drop that when I have ca.pem...
    Should be load_verify_location.

    Heh. That failed - correctly - because our test CA certificate is
    expired.
    What does 10 mean? I can see from the function declaration that it is
    depth, but I don't know what depth is.
     
    Hallvard B Furuseth, Jul 9, 2003
    #3
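
A present-day counterpart of the check discussed in this thread, as an added example that is not code from any of the posters: it uses Python 3's standard `ssl` and `xmlrpc.client` modules instead of M2Crypto. The function names are made up for illustration, and `login` is the remote method from the question.

```python
import ssl
import xmlrpc.client
from urllib.parse import urlsplit


def make_verifying_context(cafile=None):
    """Client-side TLS context that rejects unverified servers.

    cafile: PEM file with the CA certificate(s) to trust (the thread's
    'ca.pem'). When None, the platform's default trust store is used.
    """
    # With cafile set, only those CAs are trusted; defaults are not loaded.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # create_default_context already sets these two; they are stated
    # explicitly so a later edit cannot silently turn verification off.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_server(url, cafile=None, encoding="iso8859-1"):
    """Return an XML-RPC proxy that only talks to a verified https server."""
    # For an http:// URL xmlrpc.client picks the plain Transport and never
    # uses the context, so nothing would be verified. Refuse it up front.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-https XML-RPC URL: %r" % url)
    return xmlrpc.client.ServerProxy(
        url, encoding=encoding, context=make_verifying_context(cafile))


def login(url, user, password, cafile=None):
    """Call the remote login method; fail closed on a bad certificate."""
    svr = make_server(url, cafile)
    try:
        return svr.login(user, password)
    except ssl.SSLCertVerificationError as exc:
        # verify_message carries OpenSSL's reason, for example an expired
        # CA certificate or a hostname that does not match.
        raise RuntimeError(
            "server certificate rejected: %s" % exc.verify_message) from exc
```

Constructing the proxy opens no connection; the handshake and the certificate check happen on the first remote call.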