def get_cert_store(self):
"""
Get the certificate store associated with this context.
@warning: The store is NOT refcounted, and as such can not be relied
to be valid once the context goes away or is changed.
"""
return X509.X509_Store(m2.ssl_ctx_get_cert_store(self.ctx))
def get_cert_store(self):
"""
Get the certificate store associated with this context.
@warning: The store is NOT refcounted, and as such can not be relied
to be valid once the context goes away or is changed.
"""
return X509.X509_Store(m2.ssl_ctx_get_cert_store(self.ctx))
def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
try:
from M2Crypto import X509
assert not ok
assert err == m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT or \
err == m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY or \
err == m2.X509_V_ERR_CERT_UNTRUSTED or \
err == m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
assert m2.ssl_ctx_get_cert_store(ctx_ptr)
assert X509.X509(x509_ptr).as_pem()
except AssertionError:
# If we let exceptions propagate from here the
# caller may see strange errors. This is cleaner.
return 0
return 1
def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
try:
self.assertFalse(ok)
self.assertIn(err,
[m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
m2.X509_V_ERR_CERT_UNTRUSTED,
m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE])
self.assertTrue(m2.ssl_ctx_get_cert_store(ctx_ptr))
self.assertTrue(X509.X509(x509_ptr).as_pem())
except AssertionError:
# If we let exceptions propagate from here the
# caller may see strange errors. This is cleaner.
return 0
return 1
def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
try:
from M2Crypto import X509
assert not ok
assert err == m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT or \
err == m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY or \
err == m2.X509_V_ERR_CERT_UNTRUSTED or \
err == m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
assert m2.ssl_ctx_get_cert_store(ctx_ptr)
assert X509.X509(x509_ptr).as_pem()
except AssertionError:
# If we let exceptions propagate from here the
# caller may see strange errors. This is cleaner.
return 0
return 1
def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
try:
self.assertFalse(ok)
self.assertIn(err,
[m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
m2.X509_V_ERR_CERT_UNTRUSTED,
m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE])
self.assertTrue(m2.ssl_ctx_get_cert_store(ctx_ptr))
self.assertTrue(X509.X509(x509_ptr).as_pem())
except AssertionError:
# If we let exceptions propagate from here the
# caller may see strange errors. This is cleaner.
return 0
return 1
def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
try:
# If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
# aborting, this callback is called to retrieve additional error
# information. In this case, ok might not be False.
# See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
self.assertFalse(ok)
self.assertIn(err,
[m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
m2.X509_V_ERR_CERT_UNTRUSTED,
m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE])
self.assertTrue(m2.ssl_ctx_get_cert_store(ctx_ptr))
self.assertTrue(X509.X509(x509_ptr).as_pem())
except AssertionError:
# If we let exceptions propagate from here the
# caller may see strange errors. This is cleaner.
return 0
return 1
