S
Seb
I'm making a ssl server, but I'm not sure how I can verify the
clients. What do I actually need to place in _verify to actually
verify that the client cert is signed by me?
50 class SSLTCPServer(TCPServer):
51 keyFile = "sslcert/server.key"
52 certFile = "sslcert/server.crt"
53 def __init__(self, server_address, RequestHandlerClass):
54 ctx = SSL.Context(SSL.SSLv23_METHOD)
55 ctx.use_privatekey_file(self.keyFile)
56 ctx.use_certificate_file(self.certFile)
57 ctx.set_verify(SSL.VERIFY_PEER |
SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE,
self._verify)
58 ctx.set_verify_depth(10)
59 ctx.set_session_id('DFS')
60
61 self.server_address = server_address
62 self.RequestHandlerClass = RequestHandlerClass
63 self.socket = socket.socket(self.address_family,
self.socket_type)
64 self.socket = SSL.Connection(ctx, self.socket)
65 self.socket.bind(self.server_address)
66 self.socket.listen(self.request_queue_size)
67
68 def _verify(self, conn, cert, errno, depth, retcode):
69 return not cert.has_expired() and
cert.get_issuer().organizationName == 'DFS'
clients. What do I actually need to place in _verify to actually
verify that the client cert is signed by me?
50 class SSLTCPServer(TCPServer):
51 keyFile = "sslcert/server.key"
52 certFile = "sslcert/server.crt"
53 def __init__(self, server_address, RequestHandlerClass):
54 ctx = SSL.Context(SSL.SSLv23_METHOD)
55 ctx.use_privatekey_file(self.keyFile)
56 ctx.use_certificate_file(self.certFile)
57 ctx.set_verify(SSL.VERIFY_PEER |
SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE,
self._verify)
58 ctx.set_verify_depth(10)
59 ctx.set_session_id('DFS')
60
61 self.server_address = server_address
62 self.RequestHandlerClass = RequestHandlerClass
63 self.socket = socket.socket(self.address_family,
self.socket_type)
64 self.socket = SSL.Connection(ctx, self.socket)
65 self.socket.bind(self.server_address)
66 self.socket.listen(self.request_queue_size)
67
68 def _verify(self, conn, cert, errno, depth, retcode):
69 return not cert.has_expired() and
cert.get_issuer().organizationName == 'DFS'