Ghirai wrote: > Would you mind sharing some code? The module is pretty ugly and on top has no > docs whatsoever; got tired of reading the source...
Did you find out the right homepage at http://chandlerproject.org/Projects/MeTooCrypto? The original author, ngps, hasn't been involved in the project for years, yet for some reason his page still comes up first when you search with Google. The real M2Crypto homepage includes a short SSL howto. In there is a 5 line sample client script. But here is the equivalent of what JP wrote in M2Crypto: from M2Crypto import SSL ctx = SSL.Context('sslv3') # If you comment out these lines, the connection won't be secure #ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth=9) #if ctx.load_verify_locations('ca.pem') != 1: raise Exception('No CA certs') c = SSL.Connection(ctx) c.connect(('www.google.com', 443)) # automatically checks cert matches host c.send('GET / HTTP/1.1\r\n\r\n') cert = c.get_peer_cert() print cert.get_issuer() # actually returns X509_Name object print cert.get_subject() # actually returns X509_Name object I should point out that M2Crypto really tries to make things safe by default. For example with SSL, you will have to explicitly request weak crypto to get SSLv2 and weak ciphers, and by default in client mode it will check that the certificate hostname matches the hostname you tried to connect to. You can override these if you want. The examples typically show how to do things the safe way. M2Crypto has over 200 unit tests, which I think offer a reasonable way of checking how to use the API. You can generate the M2Crypto API documentation yourself, but it is pretty minimal. I'll see if I can find some cycles to flesh it out. pyOpenSSL has the API documentation online, arguably in a nicer format even, but there doesn't seem to be much more of it IMO. Both M2Crypto and pyOpenSSL recommend you to go read the OpenSSL documentation since most things are pretty thin wrappers around OpenSSL. But really, for anyone doing any serious SSL development using OpenSSL or any OpenSSL wrappers I recommend you go read "Network Security with OpenSSL" by John Viega, Matt Messier and Pravir Chandra, ISBN 059600270X. But just for your viewing pleasure, I just generated the M2Crypto API documentation and put a link to it from the M2Crypto homepage: http://chandlerproject.org/Projects/MeTooCrypto -- Heikki Toivonen - http://www.heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
