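def connect_trusted_root(self, sock, root_cert, crl_certs):
    """Wrap *sock* in TLS, requiring a chain that validates against ``self.ca_certs``.

    Returns 0 when the wrapped socket has been stored in ``self.sock`` and 1
    when wrapping fails.  Raises ``Exception(1)`` when the pre-flight
    ``verify`` call reports 1 (presumably a revoked/rejected certificate —
    confirm against ``verify``).  ``root_cert`` is accepted for interface
    compatibility but is not used here; trust comes from ``self.ca_certs``.
    """
    self.ca_path = self.cert_path + "ca/"
    # Out-of-band fetch on a separate connection.  The certificate seen here
    # is never compared with the one negotiated on self.sock below, so the
    # verify()/CRL check and the real session may observe different
    # certificates.
    server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
    global flag

    if self.cert_file:
        # verify()'s contract is not visible here: a falsy result sets the
        # module-level flag, a result of 1 aborts the connection.
        f = verify(server_cert, crl_certs, flag)
        if not f:
            flag = 1
        elif f == 1:
            raise Exception(1)
    else:
        import time

        time.sleep(0.1)

    try:
        add = {"ssl_version": self.FORCE_SSL_VERSION} if self.FORCE_SSL_VERSION else {}
        # Chain validation against self.ca_certs.  Nothing here asks either
        # wrapper to match the certificate subject against self.host.
        add["cert_reqs"] = ssl.CERT_REQUIRED
        # try to use PyOpenSSL by default
        if PYOPENSSL_AVAILABLE:
            wrap_class = PyOpenSSLSocket
            add["keyobj"] = self.keyobj
            add["certobj"] = self.certobj
            add["keyfile"] = self.key_file
            add["certfile"] = self.cert_file
        else:
            wrap_class = ssl.SSLSocket
        self.sock = wrap_class(sock, ca_certs=self.ca_certs, **add)
        return 0
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt; the failure code stays 1.
        return 1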
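    def connect_trusted_root(self, sock, root_cert, crl_certs):
        """Wrap *sock* in TLS validated against *root_cert* and pin it to the pre-fetched certificate.

        Returns 0 on success (``self.sock`` set), 1 when wrapping or the
        post-connect certificate read fails, and 2 when the certificate
        negotiated on the socket differs from the one fetched up front (the
        socket is closed first).  Calls ``sys.exit()`` when the pre-flight
        ``verify`` call reports 1.
        """
        self.ca_path = self.cert_path + "ca/"
        # Out-of-band fetch on a separate connection; it is compared with the
        # negotiated certificate below, so both connections must have seen
        # the same certificate for the call to succeed.
        server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
        global flag

        if self.cert_file:
            # verify()'s contract is not visible here: a falsy result sets the
            # module-level flag, a result of 1 terminates the process.
            f = verify(server_cert, crl_certs, flag)
            if not f:
                flag = 1
            elif f == 1:
                sys.exit()
        else:
            import time

            time.sleep(1)

        try:
            # CERT_REQUIRED validates the chain against root_cert; wrap_socket
            # does no hostname matching, so the PEM comparison below is what
            # ties this session to the certificate previously seen for
            # self.host.  PROTOCOL_SSLv23 is the auto-negotiate option (an
            # alias of PROTOCOL_TLS on later Python versions).
            self.sock = ssl.wrap_socket(
                sock,
                certfile=self.cert_file,
                keyfile=self.key_file,
                ca_certs=root_cert,
                ssl_version=ssl.PROTOCOL_SSLv23,
                cert_reqs=ssl.CERT_REQUIRED,
            )

            dercert_after_connect = self.sock.getpeercert(True)
            cert_after_connect = ssl.DER_cert_to_PEM_cert(dercert_after_connect)
            if server_cert != cert_after_connect:
                # Parenthesised single argument prints identically on
                # Python 2 and 3 (the bare print statement was 2-only).
                print("\n" + _("WARNING! %s trying to replace the certificate!") % self.host + "\n")
                self.sock.close()
                return 2
            return 0
        except Exception:
            # Narrowed from a bare ``except:`` so the sys.exit() above and
            # Ctrl-C are no longer reported as a failed connection.
            return 1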
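    def connect_trusted_server(self, sock, crl_certs):
        """Wrap *sock* in TLS for a server whose certificate is pinned in ``trusted/cert.list``.

        Returns 0 when ``self.sock`` is set and 1 when wrapping fails (in
        which case ``HTTPSClientCertTransport.filename`` is reset to None).
        Falls through, returning None, when ``self.cert_list`` finds no entry
        for the host.  Calls ``sys.exit()`` when the pre-flight ``verify``
        call reports 1.
        """
        self.trusted_path = self.cert_path + "trusted/"
        ca_cert_list = self.trusted_path + "cert.list"
        # Out-of-band fetch on a separate connection.
        server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
        global flag
        if self.cert_file:
            # verify()'s contract is not visible here: a falsy result sets the
            # module-level flag, a result of 1 terminates the process.
            f = verify(server_cert, crl_certs, flag)
            if not f:
                flag = 1
            elif f == 1:
                sys.exit()
        # The pin lookup is made against the pre-fetched certificate only.
        HTTPSClientCertTransport.filename = self.cert_list(self.host, ca_cert_list, server_cert)
        if HTTPSClientCertTransport.filename:
            try:
                # CERT_NONE: the TLS layer validates nothing.  The only trust
                # decision is the cert_list lookup above, and the certificate
                # actually negotiated on self.sock is never compared with
                # server_cert (the original read getpeercert() but left the
                # comparison commented out), so a different certificate on
                # this connection would go unnoticed.
                # NOTE(review): re-enable that comparison and return 2 on
                # mismatch, as the sibling connect_trusted_root does.
                self.sock = ssl.wrap_socket(
                    sock,
                    certfile=self.cert_file,
                    keyfile=self.key_file,
                    ssl_version=ssl.PROTOCOL_SSLv23,
                    cert_reqs=ssl.CERT_NONE,
                )
                return 0
            except Exception as e:
                # ``except Exception, e`` / ``print e`` were Python 2-only
                # syntax; these forms work on 2.6+ and 3.
                print(e)
                HTTPSClientCertTransport.filename = None
                return 1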
    def connect_trusted_server(self, sock, crl_certs):
        """Wrap *sock* in TLS for a server pinned in ``trusted/cert.list``.

        Returns 0 when ``self.sock`` is set, 1 when wrapping fails (and
        ``HTTPSClientCertTransport.filename`` is cleared), or whatever
        ``self.add_server_cert(server_cert)`` returns when no pin exists for
        the host.  Raises ``Exception(1)`` when the pre-flight ``verify``
        call reports 1.
        """
        self.trusted_path = self.cert_path + "trusted/"
        ca_cert_list = self.trusted_path + "cert.list"
        # Out-of-band fetch on a separate connection; this PEM drives both
        # the CRL check and the pin lookup.
        server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
        global flag
        if self.cert_file:
            # verify()'s contract is not visible here: a falsy result sets the
            # module-level flag, a result of 1 aborts the connection.
            verdict = verify(server_cert, crl_certs, flag)
            if not verdict:
                flag = 1
            elif verdict == 1:
                raise Exception(1)

        pinned = self.cert_list(self.host, ca_cert_list, server_cert)
        HTTPSClientCertTransport.filename = pinned
        if not pinned:
            return self.add_server_cert(server_cert)

        try:
            options = {}
            if self.FORCE_SSL_VERSION:
                options["ssl_version"] = self.FORCE_SSL_VERSION
            # CERT_NONE with ca_certs=None: the TLS layer validates nothing.
            # The only trust decision is the pin lookup above, made against
            # the separately fetched server_cert rather than the certificate
            # negotiated on self.sock.
            options["cert_reqs"] = ssl.CERT_NONE
            # PyOpenSSL is preferred when available.
            if PYOPENSSL_AVAILABLE:
                wrapper = PyOpenSSLSocket
                options.update(
                    keyobj=self.keyobj,
                    certobj=self.certobj,
                    keyfile=self.key_file,
                    certfile=self.cert_file,
                )
            else:
                wrapper = ssl.SSLSocket
            self.sock = wrapper(sock, ca_certs=None, **options)
            return 0
        except Exception:
            HTTPSClientCertTransport.filename = None
            return 1