def _check(self):
if self._validated or not m2.ssl_is_init_finished(self._ssl.obj):
return
kwargs = self._starttls_kwargs
if kwargs.get('verify'):
# See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
# for the error codes returned by SSL_get_verify_result.
if m2.ssl_get_verify_result(self._ssl.obj) != m2.X509_V_OK:
raise TLSVerificationError('Peer certificate is not signed by a known CA')
x509 = self._m2_check_err(m2.ssl_get_peer_cert(self._ssl.obj), TLSVerificationError)
if x509 is not None:
self.peer_cert = X509.X509(x509, 1)
else:
self.peer_cert = None
if 'check' in kwargs or self.peer_cert:
check = kwargs.get('check', (None, None))
if check[0] is None:
# Validate peer CN by default.
host = self.peer[5]
elif check[0] is False:
# User requested to disable CN verification.
host = None
else:
# User override for peer CN.
host = check[0]
fingerprint = check[1] if len(check) > 1 else None
# TODO: normalize exceptions raised by Checker.
M2Crypto.SSL.Checker.Checker(host, fingerprint)(self.peer_cert)
self._validated = True
def _check(self):
if self._validated or not m2.ssl_is_init_finished(self._ssl.obj):
return
kwargs = self._starttls_kwargs
if kwargs.get('verify'):
# See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
# for the error codes returned by SSL_get_verify_result.
if m2.ssl_get_verify_result(self._ssl.obj) != m2.X509_V_OK:
raise TLSVerificationError(
'Peer certificate is not signed by a known CA')
x509 = self._m2_check_err(m2.ssl_get_peer_cert(self._ssl.obj),
TLSVerificationError)
if x509 is not None:
self.peer_cert = X509.X509(x509, 1)
else:
self.peer_cert = None
if 'check' in kwargs or self.peer_cert:
check = kwargs.get('check', (None, None))
if check[0] is None:
# Validate peer CN by default.
host = self.peer[5]
elif check[0] is False:
# User requested to disable CN verification.
host = None
else:
# User override for peer CN.
host = check[0]
fingerprint = check[1] if len(check) > 1 else None
# TODO: normalize exceptions raised by Checker.
M2Crypto.SSL.Checker.Checker(host, fingerprint)(self.peer_cert)
self._validated = True
def get_peer_cert(self):
"""Return the peer certificate; if the peer did not provide
a certificate, return None."""
c=m2.ssl_get_peer_cert(self.ssl)
if c is None:
return None
# Need to free the pointer coz OpenSSL doesn't.
return X509.X509(c, 1)
def get_peer_cert(self):
"""Return the peer certificate; if the peer did not provide
a certificate, return None."""
c = m2.ssl_get_peer_cert(self.ssl)
if c is None:
return None
# Need to free the pointer coz OpenSSL doesn't.
return X509.X509(c, 1)
def _check(self):
if not self.checked and m2.ssl_is_init_finished(self.ssl._ptr()):
x509 = m2.ssl_get_peer_cert(self.ssl._ptr())
if x509 is not None:
x509 = X509.X509(x509, 1)
if self.isClient:
host = self.transport.addr[0]
else:
host = self.transport.getPeer().host
if not self.postConnectionCheck(x509, host):
raise Checker.SSLVerificationError('post connection check')
self.checked = 1
def _check(self):
if not self.checked and m2.ssl_is_init_finished(self.ssl._ptr()):
x509 = m2.ssl_get_peer_cert(self.ssl._ptr())
if x509 is not None:
x509 = X509.X509(x509, 1)
if self.isClient:
host = self.transport.addr[0]
else:
host = self.transport.getPeer().host
if not self.postConnectionCheck(x509, host):
raise SSLVerificationError('post connection check')
self.checked = 1
def _check(self):
if debug:
print 'TwistedProtocolWrapper._check'
if not self.checked and m2.ssl_is_init_finished(self.ssl._ptr()):
x509 = m2.ssl_get_peer_cert(self.ssl._ptr())
if x509 is not None:
x509 = X509.X509(x509, 1)
if self.isClient:
host = self.transport.addr[0]
else:
host = self.transport.getPeer().host
if not self.postConnectionCheck(x509, host):
raise Checker.SSLVerificationError, 'post connection check'
self.checked = 1
def _check(self):
if debug:
print 'TwistedProtocolWrapper._check'
if not self.checked and m2.ssl_is_init_finished(self.ssl._ptr()):
x = m2.ssl_get_peer_cert(self.ssl._ptr())
if x:
x509 = X509.X509(x, 1)
else:
x509 = None
if self.isClient:
host = self.transport.addr[0]
else:
host = self.transport.getPeer().host
if not self.postConnectionCheck(x509, host):
raise Checker.SSLVerificationError, 'post connection check'
self.checked = 1