Marc Poulhiès <[EMAIL PROTECTED]> writes:

> [EMAIL PROTECTED] (Ng Pheng Siong) writes:
>> M2Crypto does server cert verification. With M2Crypto's httpslib, you pass
>> in an SSL.Context instance to the HTTPSConnection constructor to configure
>> the SSL; one of the config knobs is cert verification. So, redo your test,
>> satisfy yourself that this is doable, and send me your code to include as
>> an example in the distribution. ;-)

Hi again!

So here are a few lines that do the server's CRT check. I still have one
question: see in the code. Both have the exact same description in the
documentation.

Btw, thanks for your answer (this will save me from using Perl!)

Marc

---8<-------8<-------8<-------8<----
#!/usr/bin/env python
import M2Crypto

ctx = M2Crypto.SSL.Context()

## what are the diff between these two??
#ctx.load_verify_info(cafile="/tmp/ca.crt")
ctx.load_verify_locations(cafile="/tmp/ca.crt")

# load client certificate (used to authenticate the client)
ctx.load_cert("/tmp/client.crt")

# stop if peer's certificate can't be verified
ctx.set_allow_unknown_ca(False)

# verify peer's certificate
ctx.set_verify(M2Crypto.SSL.verify_peer, 1)

con = M2Crypto.httpslib.HTTPSConnection("my.ssl.server.domain",ssl_context=ctx)

con.request("GET" , "/")

print con.getresponse().read()
---8<-------8<-------8<-------8<-----

Result here:

$ ./ssl_peer_verif.py
Enter passphrase:
send: 'GET / HTTP/1.1\r\nHost: my.ssl.server.domain:443\r\nAccept-Encoding: identity\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Tue, 01 Feb 2005 08:41:51 GMT
header: Server: Apache/2.0.46 (Red Hat)
header: Last-Modified: Mon, 31 Jan 2005 14:50:50 GMT
header: ETag: "4297-13-24658680"
header: Accept-Ranges: bytes
header: Content-Length: 19
header: Connection: close
header: Content-Type: text/html; charset=UTF-8
THIS IS WORKING =)