On Dec 10, 2013, at 6:01 AM, Laurens Van Houtven <_...@lvh.io> wrote:
> Somehow, JP's e-mail did not make it into my inbox :-(
>
> Anyway, using the context factory that I got from
> ssl.PrivateCertificate.options() (which I think is CertificateOptions), I
> wasn't able to inspect the peer certificate. That's on 13.2. Using the
> context factory I pasted in a previous e-mail, it's now working great :)
>
> cheers
> lvh
CertificateOptions will only set 'verify' if there are certificate authorities
to verify against.
However, you can still CertificateOptions with a wrapper, like this:
from twisted.internet.ssl import ContextFactory
from OpenSSL import SSL
class TOFUVerify(ContextFactory):
def __init__(self, wrapped):
self.wrapped = wrapped
def getContext(self):
ctx = self.wrapped.getContext()
ctx.set_verify(SSL.VERIFY_PEER, lambda *args: True)
return ctx
since CertificateOptions sets a bunch of other options for you that might be
useful.
-glyph
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
