Ejemplo n.º 1
Archivo: m2.py Proyecto: clones/kaa
    def _check(self):
        """Run post-handshake validation of the TLS peer, at most once.

        Returns without doing anything when validation already succeeded
        or the handshake has not finished. Otherwise, in order: if the
        'verify' option is set, the OpenSSL verify result must be
        X509_V_OK; the peer certificate is stored on self.peer_cert (None
        when there is none); and, when a 'check' option was supplied or a
        certificate is present, M2Crypto's Checker is run against it.

        Raises TLSVerificationError when the verify result is not
        X509_V_OK. Exceptions raised by Checker propagate unchanged.
        """
        if self._validated:
            return
        if not m2.ssl_is_init_finished(self._ssl.obj):
            # Handshake still in progress; nothing can be validated yet.
            return

        options = self._starttls_kwargs
        # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
        # for the error codes returned by SSL_get_verify_result.
        # NOTE(review): any non-OK code (expired, revoked, ...) is reported
        # with the "not signed by a known CA" message below. OpenSSL also
        # documents X509_V_OK as the result when the peer sent no
        # certificate, and with no 'check' option and no certificate the
        # Checker step further down is skipped -- confirm that a peer
        # certificate is required elsewhere when 'verify' is set.
        if options.get('verify') and m2.ssl_get_verify_result(self._ssl.obj) != m2.X509_V_OK:
            raise TLSVerificationError('Peer certificate is not signed by a known CA')

        raw_cert = self._m2_check_err(m2.ssl_get_peer_cert(self._ssl.obj), TLSVerificationError)
        # Second argument 1: presumably M2Crypto's _pyfree flag, making the
        # wrapper responsible for freeing the pointer -- confirm.
        self.peer_cert = None if raw_cert is None else X509.X509(raw_cert, 1)

        if 'check' in options or self.peer_cert:
            check = options.get('check', (None, None))
            requested_host = check[0]
            if requested_host is None:
                # Validate peer CN by default, against self.peer[5].
                host = self.peer[5]
            elif requested_host is False:
                # User requested to disable CN verification.
                host = None
            else:
                # User override for peer CN.
                host = requested_host
            # A one-element 'check' means no fingerprint was supplied.
            fingerprint = check[1] if len(check) > 1 else None
            # TODO: normalize exceptions raised by Checker.
            M2Crypto.SSL.Checker.Checker(host, fingerprint)(self.peer_cert)

        # Only reached when every step above passed without raising.
        self._validated = True
Ejemplo n.º 2
    def _check(self):
        """Validate the TLS peer after the handshake; a no-op once done.

        Nothing happens if self._validated is already set or OpenSSL
        reports the handshake as unfinished. Otherwise the verify result
        is checked (only when the 'verify' option is truthy), the peer
        certificate is recorded on self.peer_cert, and M2Crypto's Checker
        is applied when a 'check' option exists or a certificate was
        received.

        Raises TLSVerificationError if the verify result differs from
        X509_V_OK; Checker's own exceptions are not translated.
        """
        handshake_done = self._validated or not m2.ssl_is_init_finished(
            self._ssl.obj)
        if handshake_done:
            return

        opts = self._starttls_kwargs
        if opts.get('verify'):
            # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
            # for the error codes returned by SSL_get_verify_result.
            verify_result = m2.ssl_get_verify_result(self._ssl.obj)
            # NOTE(review): every non-OK code ends up with the same
            # "known CA" message. OpenSSL documents X509_V_OK as the
            # result when no peer certificate was presented, so this test
            # alone does not prove a certificate exists -- confirm the
            # context requires one.
            if verify_result != m2.X509_V_OK:
                raise TLSVerificationError(
                    'Peer certificate is not signed by a known CA')

        cert_ptr = self._m2_check_err(m2.ssl_get_peer_cert(self._ssl.obj),
                                      TLSVerificationError)
        if cert_ptr is None:
            self.peer_cert = None
        else:
            # Second argument 1: presumably the _pyfree flag (wrapper
            # frees the pointer) -- confirm against M2Crypto.
            self.peer_cert = X509.X509(cert_ptr, 1)

        # With neither a 'check' option nor a certificate, the Checker is
        # skipped entirely and the connection is still marked validated.
        if 'check' in opts or self.peer_cert:
            check = opts.get('check', (None, None))
            wanted = check[0]
            # None  -> validate peer CN by default, using self.peer[5];
            # False -> user requested to disable CN verification;
            # other -> user override for peer CN.
            host = self.peer[5] if wanted is None else (
                None if wanted is False else wanted)
            fingerprint = check[1] if len(check) > 1 else None
            # TODO: normalize exceptions raised by Checker.
            checker = M2Crypto.SSL.Checker.Checker(host, fingerprint)
            checker(self.peer_cert)

        self._validated = True
Ejemplo n.º 3
 def get_peer_cert(self):
     """Return the peer certificate, or None if the peer did not
     provide one.

     This only fetches the certificate; nothing here inspects the
     verification result or the certificate's contents.
     """
     peer_ptr = m2.ssl_get_peer_cert(self.ssl)
     # Need to free the pointer because OpenSSL doesn't; the 1 passed as
     # second argument presumably asks the wrapper to do so -- confirm.
     return None if peer_ptr is None else X509.X509(peer_ptr, 1)
Ejemplo n.º 4
 def get_peer_cert(self):
     """Fetch the certificate presented by the peer.

     Returns an X509.X509 wrapper, or None when the peer provided no
     certificate. No chain or hostname validation is performed here, so
     a non-None result says nothing about whether the peer is trusted.
     """
     cert_handle = m2.ssl_get_peer_cert(self.ssl)
     if cert_handle is not None:
         # OpenSSL does not free this pointer for us; the second
         # argument (1) presumably hands that job to the wrapper --
         # confirm.
         return X509.X509(cert_handle, 1)
     return None
Ejemplo n.º 5
 def _check(self):
     """Run the post-connection check once the handshake has finished.

     Does nothing if the check already ran or the handshake is still in
     progress. Otherwise the peer certificate (or None) and a host value
     are handed to self.postConnectionCheck; a falsy result raises
     Checker.SSLVerificationError, and only a passing check sets
     self.checked.
     """
     if self.checked or not m2.ssl_is_init_finished(self.ssl._ptr()):
         return

     raw_cert = m2.ssl_get_peer_cert(self.ssl._ptr())
     # NOTE(review): a missing certificate is passed on as None, so
     # rejecting a peer without a certificate is left entirely to
     # postConnectionCheck.
     peer_cert = None if raw_cert is None else X509.X509(raw_cert, 1)

     # Clients use transport.addr[0]; servers use the peer's host.
     if self.isClient:
         expected_host = self.transport.addr[0]
     else:
         expected_host = self.transport.getPeer().host

     if not self.postConnectionCheck(peer_cert, expected_host):
         raise Checker.SSLVerificationError('post connection check')
     self.checked = 1
Ejemplo n.º 6
 def _check(self):
     """Apply self.postConnectionCheck to the peer, at most once.

     Skipped while the handshake is unfinished or after a previous
     success. Raises SSLVerificationError when postConnectionCheck
     returns a falsy value; self.checked is set only after it passes.
     """
     already_done = self.checked
     if already_done or not m2.ssl_is_init_finished(self.ssl._ptr()):
         return

     cert = m2.ssl_get_peer_cert(self.ssl._ptr())
     if cert is not None:
         cert = X509.X509(cert, 1)
     # NOTE(review): cert may still be None here; whether a peer without
     # a certificate is accepted depends on postConnectionCheck alone.

     # Host value handed to the check: transport.addr[0] on the client
     # side, the transport peer's host on the server side.
     host = (self.transport.addr[0] if self.isClient
             else self.transport.getPeer().host)

     passed = self.postConnectionCheck(cert, host)
     if not passed:
         raise SSLVerificationError('post connection check')
     self.checked = 1
 def _check(self):
     """Run the post-connection check once the handshake has finished.

     Prints a trace line when the module-level debug flag is truthy.
     If the check has not run yet and the handshake is complete, the
     peer certificate (or None) and a host value are passed to
     self.postConnectionCheck; a falsy result raises
     Checker.SSLVerificationError, otherwise self.checked is set.
     """
     if debug:
         # Parenthesised so the statement reads the same under the
         # Python 2 print statement this module otherwise uses.
         print('TwistedProtocolWrapper._check')

     if self.checked or not m2.ssl_is_init_finished(self.ssl._ptr()):
         return

     raw_cert = m2.ssl_get_peer_cert(self.ssl._ptr())
     # NOTE(review): None is forwarded unchanged when the peer sent no
     # certificate; postConnectionCheck must decide whether to accept it.
     peer_cert = None if raw_cert is None else X509.X509(raw_cert, 1)

     if self.isClient:
         expected_host = self.transport.addr[0]
     else:
         expected_host = self.transport.getPeer().host

     if not self.postConnectionCheck(peer_cert, expected_host):
         raise Checker.SSLVerificationError('post connection check')
     self.checked = 1
    def _check(self):
        """Apply self.postConnectionCheck to the peer, at most once.

        Emits a trace line when the module-level debug flag is truthy.
        Nothing else happens while the handshake is unfinished or after
        a previous success. A falsy result from postConnectionCheck
        raises Checker.SSLVerificationError; self.checked is set only
        when the check passes.
        """
        if debug:
            # Parenthesised form prints the same text under the Python 2
            # print statement.
            print('TwistedProtocolWrapper._check')

        if self.checked or not m2.ssl_is_init_finished(self.ssl._ptr()):
            return

        cert_ptr = m2.ssl_get_peer_cert(self.ssl._ptr())
        # Truthiness test (not "is None"), as in the original: any falsy
        # pointer value is treated as "no certificate".
        # NOTE(review): in that case None goes to postConnectionCheck,
        # which alone decides whether a certificate-less peer is accepted.
        x509 = X509.X509(cert_ptr, 1) if cert_ptr else None

        # Client side checks against transport.addr[0]; server side
        # against the transport peer's host.
        host = (self.transport.addr[0] if self.isClient
                else self.transport.getPeer().host)

        if not self.postConnectionCheck(x509, host):
            raise Checker.SSLVerificationError('post connection check')
        self.checked = 1