Example #1
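def check_key(cert, key, passwd='', chain=()):
    """check_key(cert, key, passwd='', chain=()) -> 0 | 1

    Report whether the private key is accepted for the certificate.

    A scratch context is created, the certificate (with any chain
    certificates) and the key are loaded into it, and the truth value of
    the context's own check_key() is returned as 1 or 0.

    cert   -- certificate, parsed with sslip.read_pem_cert
    key    -- private key, parsed with sslip.read_pem_key
    passwd -- passphrase passed to sslip.read_pem_key
    chain  -- iterable of chain certificates, each parsed with
              sslip.read_pem_cert

    Every failure (unparsable input, wrong passphrase, rejected key) is
    reported as 0, so a 0 does not tell the caller which step failed.
    """
    try:
        ctx = sslip.ssl_ctx(sslip.TLSV1_CLIENT_METHOD)

        cert_obj = sslip.read_pem_cert(cert)

        # Convert chain certs to cert objects
        cert_chain = tuple([sslip.read_pem_cert(c) for c in chain])
        ctx.use_cert(cert_obj, cert_chain)

        key_obj = sslip.read_pem_key(key, passwd)
        ctx.use_key(key_obj)

        if ctx.check_key():
            return 1
        return 0
    except Exception:
        # Deliberately broad: any parsing or loading error means "not a
        # usable pair".  Narrowed from a bare except so that
        # KeyboardInterrupt and SystemExit are no longer turned into a
        # silent 0.
        return 0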
Example #2
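def check_key(cert, key, passwd='', chain=()):
    """check_key(cert, key, passwd='', chain=()) -> 0 | 1

    Returns 1 if a throwaway context loaded with the certificate, its
    chain and the private key passes the context's check_key(); returns
    0 otherwise.

    cert and each entry of chain are parsed with sslip.read_pem_cert;
    key is parsed with sslip.read_pem_key using passwd as passphrase.

    Errors are not propagated: a parse failure, a wrong passphrase and a
    rejected key all yield 0.
    """
    try:
        ctx = sslip.ssl_ctx(sslip.TLSV1_CLIENT_METHOD)

        cert_obj = sslip.read_pem_cert(cert)

        # Convert chain certs to cert objects
        cert_chain = [sslip.read_pem_cert(c) for c in chain]

        ctx.use_cert(cert_obj, tuple(cert_chain))

        key_obj = sslip.read_pem_key(key, passwd)
        ctx.use_key(key_obj)

        return 1 if ctx.check_key() else 0
    except Exception:
        # Was a bare "except:", which also swallowed KeyboardInterrupt
        # and SystemExit and reported them as a failed check.  Ordinary
        # errors from parsing or loading still mean "invalid pair".
        return 0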
Example #3
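def update_cert_key(cert, key, passwd='', chain=()):
    """Load a new certificate and private key into the module-level ssl_ctx.

    Nothing happens unless both cert and key are truthy.

    cert   -- certificate, parsed with sslip.read_pem_cert
    key    -- private key, parsed with sslip.read_pem_key
    passwd -- passphrase passed to sslip.read_pem_key
    chain  -- passed to ssl_ctx.use_cert as given, without conversion

    Errors raised by sslip or by the context propagate to the caller.
    """
    global ssl_ctx

    if cert and key:
        # Parse both inputs before touching the shared context, so that an
        # unreadable key or a wrong passphrase cannot leave ssl_ctx holding
        # the new certificate next to the old key.
        cert_obj = sslip.read_pem_cert(cert)
        key_obj = sslip.read_pem_key(key, passwd)

        # NOTE(review): no check is made here that key_obj belongs to
        # cert_obj; confirm that callers validate the pair beforehand.
        ssl_ctx.use_cert(cert_obj, chain)
        ssl_ctx.use_key(key_obj)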
Example #4
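def update_cert_key(cert, key, passwd='', chain=()):
    """Replace the certificate and private key of the global ssl_ctx.

    The call is a no-op when either cert or key is empty.  cert is parsed
    with sslip.read_pem_cert and key with sslip.read_pem_key (passphrase
    passwd); chain is forwarded to ssl_ctx.use_cert unchanged.  Any error
    from parsing or from the context is raised to the caller.
    """
    global ssl_ctx

    if not (cert and key):
        return

    # Both objects are built first: if the key cannot be read, the live
    # context is left exactly as it was instead of being half-updated
    # with a certificate that no longer matches its key.
    cert_obj = sslip.read_pem_cert(cert)
    key_obj = sslip.read_pem_key(key, passwd)

    # NOTE(review): the pair is installed without verifying that the key
    # matches the certificate; confirm the caller has checked it.
    ssl_ctx.use_cert(cert_obj, chain)
    ssl_ctx.use_key(key_obj)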
Example #5
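# init_defaults stays 1 only if every bundled data file below can be read.
init_defaults = 1
try:
    CERT = datafile.get_file('coro_ssl_data', 'demo-cert.txt')
    KEY = datafile.get_file('coro_ssl_data', 'demo-key.txt')
    KEY_PASS = datafile.get_file('coro_ssl_data', 'demo-pass.txt').strip()
    DH_PARAM_512 = datafile.get_file('coro_ssl_data', 'dh_512.pem')
    DH_PARAM_1024 = datafile.get_file('coro_ssl_data', 'dh_1024.pem')
except IOError:
    # ignore IOErrors here ... they SHOULD only occur when building a
    # frozen upgrade binary
    init_defaults = 0

if init_defaults:
    # NOTE(review): the file names indicate demo credentials that ship with
    # the package, so the private key and its passphrase are not secret.
    # Treat default_ctx as a test default and confirm that deployments
    # install their own certificate and key.
    default_cert = sslip.read_pem_cert(CERT)
    default_key = sslip.read_pem_key(KEY, KEY_PASS)

    # NOTE(review): SSLV23_METHOD presumably is OpenSSL's version-flexible
    # method; confirm that SSLv2 and SSLv3 are disabled for this context.
    default_ctx = sslip.ssl_ctx(sslip.SSLV23_METHOD)
    default_ctx.use_cert(default_cert)
    default_ctx.use_key(default_key)
    # diffie-hellman parameters: use the 1024-bit set rather than the
    # 512-bit one.  512-bit groups are export-grade and can be broken in
    # practice; 1024 bits is the largest group loaded here and is itself
    # below current recommendations (2048 bits or more).
    default_ctx.set_tmp_dh(DH_PARAM_1024)
    default_ctx.set_options(default_ctx.get_options()
                            | sslip.SSL_OP_SINGLE_DH_USE)
    # Left disabled on purpose: RC4 is prohibited for TLS (RFC 7465) and
    # 'ALL' would also admit other weak suites.  Do not re-enable.
    # put these two RC4 ciphers up front, they use much less CPU than 3DES
    #default_ctx.set_ciphers ('RC4-SHA:RC4-MD5:ALL')
else:
    default_cert = None
    default_key = None
    default_ctx = None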
Example #6
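# Load the bundled certificate, key, passphrase and DH parameter files.
# NOTE(review): init_defaults is read below but only assigned in the except
# branch of this excerpt; it is presumably set to 1 earlier in the file.
try:
    CERT = datafile.get_file('coro_ssl_data', 'demo-cert.txt')
    KEY = datafile.get_file('coro_ssl_data', 'demo-key.txt')
    KEY_PASS = datafile.get_file('coro_ssl_data', 'demo-pass.txt').strip()
    DH_PARAM_512 = datafile.get_file('coro_ssl_data', 'dh_512.pem')
    DH_PARAM_1024 = datafile.get_file('coro_ssl_data', 'dh_1024.pem')
except IOError:
    # ignore IOErrors here ... they SHOULD only occur when building a
    # frozen upgrade binary
    init_defaults = 0


if init_defaults:
    # NOTE(review): these are demo credentials by name; a key and
    # passphrase distributed with the code protect nothing.  Confirm that
    # default_ctx is never the context used in production.
    default_cert = sslip.read_pem_cert(CERT)
    default_key = sslip.read_pem_key(KEY, KEY_PASS)

    # NOTE(review): confirm which protocol versions SSLV23_METHOD lets this
    # context negotiate, and that SSLv2/SSLv3 are switched off.
    default_ctx = sslip.ssl_ctx(sslip.SSLV23_METHOD)
    default_ctx.use_cert(default_cert)
    default_ctx.use_key(default_key)
    # diffie-hellman parameters: the 512-bit group is export-grade and
    # breakable in practice, so the 1024-bit group is used instead.  It is
    # the strongest one loaded above; 2048 bits or more is the current
    # recommendation.
    default_ctx.set_tmp_dh(DH_PARAM_1024)
    default_ctx.set_options(default_ctx.get_options() | sslip.SSL_OP_SINGLE_DH_USE)
    # Keep the line below disabled: RC4 is prohibited for TLS (RFC 7465)
    # and 'ALL' would bring in further weak cipher suites.
    # put these two RC4 ciphers up front, they use much less CPU than 3DES
    #default_ctx.set_ciphers ('RC4-SHA:RC4-MD5:ALL')
else:
    default_cert = None
    default_key = None
    default_ctx = None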

# Helper code