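def check_key(cert, key, passwd='', chain=()):
    """check_key(cert, key, passwd='', chain=()) -> 0 or 1

    Return 1 if ctx.check_key() accepts the key for the certificate,
    0 otherwise.

    cert   -- certificate text handed to sslip.read_pem_cert()
    key    -- private key text handed to sslip.read_pem_key()
    passwd -- passphrase used to read the key
    chain  -- iterable of certificate texts, each loaded with
              sslip.read_pem_cert() and attached alongside cert

    Any error while loading or comparing (unreadable PEM, wrong
    passphrase, mismatch) is reported as 0, so the check fails closed.
    A 0 therefore does not tell the caller *why* the pair was rejected.

    NOTE(review): this only exercises the key/certificate pairing; nothing
    visible here validates the chain's trust or validity period -- confirm
    whether sslip does that inside use_cert().
    """
    try:
        # Throwaway context used only for the comparison; no connection
        # is made with it.
        ctx = sslip.ssl_ctx(sslip.TLSV1_CLIENT_METHOD)
        cert_obj = sslip.read_pem_cert(cert)
        # Convert chain certs to cert objects
        cert_chain = tuple([sslip.read_pem_cert(c) for c in chain])
        ctx.use_cert(cert_obj, cert_chain)
        key_obj = sslip.read_pem_key(key, passwd)
        ctx.use_key(key_obj)
        if ctx.check_key():
            return 1
        return 0
    except Exception:
        # Was a bare "except:", which also swallowed KeyboardInterrupt and
        # SystemExit. Ordinary failures still map to 0.
        return 0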
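def check_key(cert, key, passwd='', chain=()):
    """check_key(cert, key, passwd='', chain=()) -> 0 or 1

    Return 1 if ctx.check_key() accepts the key for the certificate,
    0 otherwise.

    cert   -- certificate text handed to sslip.read_pem_cert()
    key    -- private key text handed to sslip.read_pem_key()
    passwd -- passphrase used to read the key
    chain  -- iterable of certificate texts, each loaded with
              sslip.read_pem_cert() and attached alongside cert

    Any error while loading or comparing (unreadable PEM, wrong
    passphrase, mismatch) is reported as 0, so the check fails closed.
    A 0 therefore does not tell the caller *why* the pair was rejected.

    NOTE(review): this only exercises the key/certificate pairing; nothing
    visible here validates the chain's trust or validity period -- confirm
    whether sslip does that inside use_cert().
    """
    try:
        # Throwaway context used only for the comparison; no connection
        # is made with it.
        ctx = sslip.ssl_ctx(sslip.TLSV1_CLIENT_METHOD)
        cert_obj = sslip.read_pem_cert(cert)
        # Convert chain certs to cert objects
        cert_chain = tuple([sslip.read_pem_cert(c) for c in chain])
        ctx.use_cert(cert_obj, cert_chain)
        key_obj = sslip.read_pem_key(key, passwd)
        ctx.use_key(key_obj)
        if ctx.check_key():
            return 1
        return 0
    except Exception:
        # Was a bare "except:", which also swallowed KeyboardInterrupt and
        # SystemExit. Ordinary failures still map to 0.
        return 0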
def update_cert_key(cert, key, passwd='', chain=()):
    """Install a certificate and private key on the module-level ssl_ctx.

    Does nothing unless both cert and key are truthy. The certificate is
    loaded and installed first, then the key is loaded with passwd and
    installed.

    NOTE(review): chain is forwarded to use_cert() as given, whereas
    check_key() converts each chain entry with sslip.read_pem_cert()
    first -- confirm which form use_cert() expects.
    NOTE(review): the pair is installed without being compared here;
    callers presumably run check_key() beforehand -- verify.
    """
    global ssl_ctx

    # Both halves are required; a partial update is silently skipped.
    if not (cert and key):
        return

    # Order matters: the certificate is already installed if reading the
    # key raises.
    loaded_cert = sslip.read_pem_cert(cert)
    ssl_ctx.use_cert(loaded_cert, chain)

    loaded_key = sslip.read_pem_key(key, passwd)
    ssl_ctx.use_key(loaded_key)
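# Build the module's default SSL context from the bundled demo material.
# init_defaults stays 1 unless one of the data files cannot be read.
init_defaults = 1

try:
    CERT = datafile.get_file('coro_ssl_data', 'demo-cert.txt')
    KEY = datafile.get_file('coro_ssl_data', 'demo-key.txt')
    KEY_PASS = datafile.get_file('coro_ssl_data', 'demo-pass.txt').strip()
    DH_PARAM_512 = datafile.get_file('coro_ssl_data', 'dh_512.pem')
    DH_PARAM_1024 = datafile.get_file('coro_ssl_data', 'dh_1024.pem')
except IOError:
    # ignore IOErrors here ... they SHOULD only occur when building a
    # frozen upgrade binary
    init_defaults = 0

if init_defaults:
    # NOTE(review): the demo certificate, key and passphrase ship as data
    # files, so this private key is not secret. Treat default_ctx as a
    # placeholder and install real credentials before exposing a service.
    default_cert = sslip.read_pem_cert(CERT)
    default_key = sslip.read_pem_key(KEY, KEY_PASS)

    # NOTE(review): SSLV23_METHOD presumably maps to OpenSSL's
    # version-flexible method, and the only option set below is
    # SSL_OP_SINGLE_DH_USE -- confirm that legacy protocol versions are
    # disabled somewhere else.
    default_ctx = sslip.ssl_ctx(sslip.SSLV23_METHOD)
    default_ctx.use_cert(default_cert)
    default_ctx.use_key(default_key)

    # diffie-hellman parameters
    # Use the 1024-bit group instead of the 512-bit one: 512-bit DH is
    # export-grade and breakable. 1024 bits is the strongest set loaded
    # above and is itself below current recommendations (2048 bits or
    # more); prefer a larger group if one can be shipped.
    default_ctx.set_tmp_dh(DH_PARAM_1024)
    default_ctx.set_options(default_ctx.get_options() | sslip.SSL_OP_SINGLE_DH_USE)

    # put these two RC4 ciphers up front, they use much less CPU than 3DES
    # NOTE(review): leave this disabled -- RC4 is prohibited for TLS
    # (RFC 7465).
    #default_ctx.set_ciphers ('RC4-SHA:RC4-MD5:ALL')
else:
    default_cert = None
    default_key = None
    default_ctx = None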
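# Load the bundled demo material and build the module's default SSL
# context. init_defaults is expected to have been set before this point;
# it is cleared here if a data file cannot be read.
try:
    CERT = datafile.get_file('coro_ssl_data', 'demo-cert.txt')
    KEY = datafile.get_file('coro_ssl_data', 'demo-key.txt')
    KEY_PASS = datafile.get_file('coro_ssl_data', 'demo-pass.txt').strip()
    DH_PARAM_512 = datafile.get_file('coro_ssl_data', 'dh_512.pem')
    DH_PARAM_1024 = datafile.get_file('coro_ssl_data', 'dh_1024.pem')
except IOError:
    # ignore IOErrors here ... they SHOULD only occur when building a
    # frozen upgrade binary
    init_defaults = 0

if init_defaults:
    # NOTE(review): the demo certificate, key and passphrase ship as data
    # files, so this private key is not secret. Treat default_ctx as a
    # placeholder and install real credentials before exposing a service.
    default_cert = sslip.read_pem_cert(CERT)
    default_key = sslip.read_pem_key(KEY, KEY_PASS)

    # NOTE(review): SSLV23_METHOD presumably maps to OpenSSL's
    # version-flexible method, and the only option set below is
    # SSL_OP_SINGLE_DH_USE -- confirm that legacy protocol versions are
    # disabled somewhere else.
    default_ctx = sslip.ssl_ctx(sslip.SSLV23_METHOD)
    default_ctx.use_cert(default_cert)
    default_ctx.use_key(default_key)

    # diffie-hellman parameters
    # Use the 1024-bit group instead of the 512-bit one: 512-bit DH is
    # export-grade and breakable. 1024 bits is the strongest set loaded
    # above and is itself below current recommendations (2048 bits or
    # more); prefer a larger group if one can be shipped.
    default_ctx.set_tmp_dh(DH_PARAM_1024)
    default_ctx.set_options(default_ctx.get_options() | sslip.SSL_OP_SINGLE_DH_USE)

    # put these two RC4 ciphers up front, they use much less CPU than 3DES
    # NOTE(review): leave this disabled -- RC4 is prohibited for TLS
    # (RFC 7465).
    #default_ctx.set_ciphers ('RC4-SHA:RC4-MD5:ALL')
else:
    default_cert = None
    default_key = None
    default_ctx = None

# Helper code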