M2Crypto: How to check server certificate?

[Hallvard B Furuseth]

Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:

#!/local/bin/python2.2
import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
svr = Server('http://my.machine.no:8000',
SSL_Transport(), encoding='iso8859-1')
# TODO: check server certificate
secret = svr.login('myuser', 'mypassword')

 

[Ng Pheng Siong]

Does anyone know how I check the server certificate with M2Crypto?
Currently a program I have inherited does this:

#!/local/bin/python2.2
import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
svr = Server('http://my.machine.no:8000',
SSL_Transport(), encoding='iso8859-1')
# TODO: check server certificate
secret = svr.login('myuser', 'mypassword')

Specify an SSL context:

from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import Server, SSL_Transport

# Server is Zope-2.6.1 on ZServerSSL/0.12.
ctx = SSL.Context('sslv3')
ctx.load_cert_chain('client.pem')
ctx.load_verify_locations('ca.pem')
ctx.set_verify(SSL.verify_peer, 10)
zs = Server('https://127.0.0.1:9443/', SSL_Transport(ctx))
print zs.propertyMap()

My to-be-released ZServerSSL 0.12 does client certs, too, including mapping
from a subject DN to a Zope username. The above snippet was written to test
that.

 

[Hallvard B Furuseth]

Specify an SSL context:

Thank you.

from M2Crypto import SSL
from M2Crypto.m2xmlrpclib import Server, SSL_Transport

# Server is Zope-2.6.1 on ZServerSSL/0.12.
ctx = SSL.Context('sslv3')
ctx.load_cert_chain('client.pem')

I think I can drop that when I have ca.pem...

ctx.load_verify_locations('ca.pem')

Should be load_verify_location.

Heh. That failed - correctly - because our test CA certificate is
expired.

ctx.set_verify(SSL.verify_peer, 10)

What does 10 mean? I can see from the function declaration that it is
depth, but I don't know what depth is.