On Dec 10, 2013, at 6:01 AM, Laurens Van Houtven <_...@lvh.io> wrote:
> Somehow, JP's e-mail did not make it into my inbox :-( > > Anyway, using the context factory that I got from > ssl.PrivateCertificate.options() (which I think is CertificateOptions), I > wasn't able to inspect the peer certificate. That's on 13.2. Using the > context factory I pasted in a previous e-mail, it's now working great :) > > cheers > lvh CertificateOptions will only set 'verify' if there are certificate authorities to verify against. However, you can still CertificateOptions with a wrapper, like this: from twisted.internet.ssl import ContextFactory from OpenSSL import SSL class TOFUVerify(ContextFactory): def __init__(self, wrapped): self.wrapped = wrapped def getContext(self): ctx = self.wrapped.getContext() ctx.set_verify(SSL.VERIFY_PEER, lambda *args: True) return ctx since CertificateOptions sets a bunch of other options for you that might be useful. -glyph
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python