def _check(self):
    """Run the post-handshake peer validation once per connection.

    Returns immediately when validation has already succeeded or the TLS
    handshake has not finished.  Otherwise it consults OpenSSL's chain
    verification result (only when the ``verify`` option is truthy), stores
    the peer certificate on ``self.peer_cert`` and runs M2Crypto's Checker
    with the host name and fingerprint taken from the ``check`` option.

    Raises:
        TLSVerificationError: ``verify`` is set and the verification result
            is anything other than X509_V_OK.  Checker raises its own
            exception types, which are not normalized here.
    """
    if self._validated:
        return
    if not m2.ssl_is_init_finished(self._ssl.obj):
        return

    options = self._starttls_kwargs

    # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
    # for the error codes returned by SSL_get_verify_result.
    # NOTE(review): the chain result is consulted only when 'verify' is
    # truthy; without it the certificate is subject only to the Checker
    # host/fingerprint checks below.  Every non-OK code (expiry included)
    # is reported with the same "not signed by a known CA" message.
    if options.get('verify') and m2.ssl_get_verify_result(self._ssl.obj) != m2.X509_V_OK:
        raise TLSVerificationError('Peer certificate is not signed by a known CA')

    # _m2_check_err receives TLSVerificationError; presumably it raises that
    # type when M2Crypto reports an error -- confirm against its definition.
    raw_cert = self._m2_check_err(m2.ssl_get_peer_cert(self._ssl.obj), TLSVerificationError)
    # The trailing 1 is the wrapper's free-on-release flag, so the native
    # certificate is released together with the Python object.
    self.peer_cert = X509.X509(raw_cert, 1) if raw_cert is not None else None

    # NOTE(review): SSL_get_verify_result also reports X509_V_OK when the peer
    # presented no certificate.  With no 'check' option and no peer
    # certificate this block is skipped and the connection is still marked
    # validated -- confirm the SSL context requires a peer certificate.
    if 'check' in options or self.peer_cert:
        check = options.get('check', (None, None))
        wanted_host = check[0]
        if wanted_host is None:
            # Validate peer CN by default.
            host = self.peer[5]
        elif wanted_host is False:
            # User requested to disable CN verification.
            host = None
        else:
            # User override for peer CN.
            host = wanted_host
        fingerprint = check[1] if len(check) > 1 else None
        # TODO: normalize exceptions raised by Checker.
        M2Crypto.SSL.Checker.Checker(host, fingerprint)(self.peer_cert)

    # Reached only when none of the checks above raised.
    self._validated = True
def _check(self):
    """Validate the TLS peer after the handshake; a no-op once it has passed.

    Steps, in order: optional chain-verification check (``verify`` option),
    capture of the peer certificate into ``self.peer_cert``, then M2Crypto's
    Checker for host name and fingerprint (``check`` option, a sequence of
    ``(host, fingerprint)`` where the fingerprint may be omitted).

    Raises:
        TLSVerificationError: ``verify`` is set and OpenSSL's verification
            result differs from X509_V_OK.  Exceptions raised by Checker
            propagate unchanged.
    """
    # The short-circuit skips the handshake query once validation has passed.
    if self._validated or not m2.ssl_is_init_finished(self._ssl.obj):
        return

    ssl_handle = self._ssl.obj
    opts = self._starttls_kwargs

    if opts.get('verify'):
        # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
        # for the error codes returned by SSL_get_verify_result.
        verify_code = m2.ssl_get_verify_result(ssl_handle)
        if verify_code != m2.X509_V_OK:
            raise TLSVerificationError(
                'Peer certificate is not signed by a known CA')
    # NOTE(review): when 'verify' is falsy the chain result is never read, so
    # trust then rests entirely on the host/fingerprint check below.

    # presumably _m2_check_err raises the given exception type on an
    # M2Crypto error -- verify against its definition.
    native_cert = self._m2_check_err(m2.ssl_get_peer_cert(ssl_handle),
                                     TLSVerificationError)
    if native_cert is None:
        self.peer_cert = None
    else:
        # 1 = let the X509 wrapper free the native certificate.
        self.peer_cert = X509.X509(native_cert, 1)

    # NOTE(review): a peer that sends no certificate still yields X509_V_OK
    # from SSL_get_verify_result; if 'check' is also absent, nothing below
    # runs and the connection is flagged as validated.  Confirm that the
    # handshake itself enforces presence of a peer certificate.
    if 'check' in opts or self.peer_cert:
        check = opts.get('check', (None, None))
        requested = check[0]
        if requested is False:
            # User requested to disable CN verification.
            host = None
        elif requested is None:
            # Validate peer CN by default.
            host = self.peer[5]
        else:
            # User override for peer CN.
            host = requested
        fingerprint = check[1] if len(check) > 1 else None
        # TODO: normalize exceptions raised by Checker.
        checker = M2Crypto.SSL.Checker.Checker(host, fingerprint)
        checker(self.peer_cert)

    self._validated = True
def get_peer_cert(self):
    """Return the peer certificate, or None if the peer did not provide one.

    This only fetches the certificate from the connection; nothing here
    checks the chain or the host name, so a returned certificate is not by
    itself evidence that the peer was verified.
    """
    raw_cert = m2.ssl_get_peer_cert(self.ssl)
    # The wrapper is told (second argument 1) to free the pointer, because
    # OpenSSL doesn't.
    return None if raw_cert is None else X509.X509(raw_cert, 1)
def get_peer_cert(self):
    """Fetch the certificate the peer presented on this connection.

    Returns:
        An ``X509.X509`` wrapping the peer certificate, or None when the
        peer did not provide one.

    No verification happens here: callers that need a trusted identity must
    check the verification result and host name separately.
    """
    native = m2.ssl_get_peer_cert(self.ssl)
    if native is not None:
        # Need to free the pointer because OpenSSL doesn't; passing 1 hands
        # that responsibility to the wrapper.
        return X509.X509(native, 1)
    return None
def _check(self):
    """Run the post-connection check once the TLS handshake has finished.

    Does nothing if the check already passed or the handshake is still in
    progress.  Otherwise the peer certificate (or None) and the host are
    handed to ``self.postConnectionCheck``.

    Raises:
        Checker.SSLVerificationError: ``postConnectionCheck`` returned a
            false value.  ``self.checked`` stays unset in that case.
    """
    if self.checked:
        return
    if not m2.ssl_is_init_finished(self.ssl._ptr()):
        return

    peer_cert = m2.ssl_get_peer_cert(self.ssl._ptr())
    if peer_cert is not None:
        # 1 = the wrapper frees the native certificate on release.
        peer_cert = X509.X509(peer_cert, 1)
    # NOTE(review): a peer without a certificate reaches the callback as
    # None; rejecting that case is left entirely to postConnectionCheck.

    # Clients check against transport.addr[0] (presumably the address that
    # was dialled -- confirm); servers use the connected peer's host.
    host = self.transport.addr[0] if self.isClient else self.transport.getPeer().host

    if not self.postConnectionCheck(peer_cert, host):
        raise Checker.SSLVerificationError('post connection check')
    # Set only after the callback accepted the peer.
    self.checked = 1
def _check(self):
    """Apply ``postConnectionCheck`` to the peer after the handshake.

    A no-op while the handshake is unfinished or after a previous call has
    already succeeded.

    Raises:
        SSLVerificationError: the post-connection check returned a false
            value; ``self.checked`` is left unset so the check is not
            recorded as passed.
    """
    if self.checked or not m2.ssl_is_init_finished(self.ssl._ptr()):
        return

    native = m2.ssl_get_peer_cert(self.ssl._ptr())
    # Wrap with the free flag set (1) so the native certificate is released
    # with the Python object; a missing certificate stays None.
    cert = None if native is None else X509.X509(native, 1)

    if self.isClient:
        peer_host = self.transport.addr[0]
    else:
        peer_host = self.transport.getPeer().host

    # NOTE(review): cert may be None here; whether an absent certificate is
    # acceptable is decided by the callback, not by this method.
    accepted = self.postConnectionCheck(cert, peer_host)
    if not accepted:
        raise SSLVerificationError('post connection check')
    self.checked = 1
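def _check(self):
    """Run the post-connection check once the TLS handshake has finished.

    Does nothing if the check already passed or the handshake is still in
    progress.  Otherwise the peer certificate (or None) and the host are
    handed to ``self.postConnectionCheck``.

    The debug print and the raise use the call forms, which parse on both
    Python 2 and Python 3 and behave the same as the statement forms.

    Raises:
        Checker.SSLVerificationError: ``postConnectionCheck`` returned a
            false value.  ``self.checked`` stays unset in that case.
    """
    if debug:
        print('TwistedProtocolWrapper._check')

    if not self.checked and m2.ssl_is_init_finished(self.ssl._ptr()):
        x509 = m2.ssl_get_peer_cert(self.ssl._ptr())
        if x509 is not None:
            # 1 = the wrapper frees the native certificate on release.
            x509 = X509.X509(x509, 1)
        # NOTE(review): a peer without a certificate reaches the callback
        # as None; rejecting that case is left to postConnectionCheck.
        if self.isClient:
            host = self.transport.addr[0]
        else:
            host = self.transport.getPeer().host
        if not self.postConnectionCheck(x509, host):
            raise Checker.SSLVerificationError('post connection check')
        # Set only after the callback accepted the peer.
        self.checked = 1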
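def _check(self):
    """Apply ``postConnectionCheck`` to the peer after the handshake.

    A no-op while the handshake is unfinished or after a previous call has
    already succeeded.  The debug print and the raise are written in the
    call forms so the method parses on Python 2 and Python 3 alike.

    Raises:
        Checker.SSLVerificationError: the post-connection check returned a
            false value; ``self.checked`` is then left unset.
    """
    if debug:
        print('TwistedProtocolWrapper._check')

    if not self.checked and m2.ssl_is_init_finished(self.ssl._ptr()):
        x = m2.ssl_get_peer_cert(self.ssl._ptr())
        if x:
            # 1 = the wrapper frees the native certificate on release.
            x509 = X509.X509(x, 1)
        else:
            # No certificate from the peer: the callback receives None and
            # must decide whether that is acceptable.
            x509 = None
        if self.isClient:
            host = self.transport.addr[0]
        else:
            host = self.transport.getPeer().host
        if not self.postConnectionCheck(x509, host):
            raise Checker.SSLVerificationError('post connection check')
        self.checked = 1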