On Dec 10, 2013, at 6:01 AM, Laurens Van Houtven <_...@lvh.io> wrote:

> Somehow, JP's e-mail did not make it into my inbox :-(
> 
> Anyway, using the context factory that I got from 
> ssl.PrivateCertificate.options() (which I think is CertificateOptions), I 
> wasn't able to inspect the peer certificate. That's on 13.2. Using the 
> context factory I pasted in a previous e-mail, it's now working great :)
> 
> cheers
> lvh

CertificateOptions will only set 'verify' if there are certificate authorities 
to verify against.

However, you can still CertificateOptions with a wrapper, like this:

from twisted.internet.ssl import ContextFactory
from OpenSSL import SSL

class TOFUVerify(ContextFactory):
    def __init__(self, wrapped):
        self.wrapped = wrapped

    def getContext(self):
        ctx = self.wrapped.getContext()
        ctx.set_verify(SSL.VERIFY_PEER, lambda *args: True)
        return ctx

since CertificateOptions sets a bunch of other options for you that might be 
useful.

-glyph

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Reply via email to