def test05_open_with_subj_alt_names_verification(self):
        """Open Constants.TEST_URI through an opener whose SSL context
        verifies the peer certificate against a wildcard host name.

        The context requires peer verification (SSL.VERIFY_PEER), trusts
        only the CA certificates found in Constants.CACERT_DIR and uses
        the callback produced by ServerSSLCertVerification.
        """
        tls_context = SSL.Context(SSL.TLSv1_2_METHOD)

        # Derive the name handed to the verifier: when the configured host
        # has at least two components, the first one is replaced by '*';
        # a single-label host is used unchanged.
        # NOTE(review): how ServerSSLCertVerification compares this
        # '*.<domain>' string with the certificate's names is not visible
        # here - confirm it matches only the intended certificate entry.
        name_parts = Constants.HOSTNAME.split('.', 1)
        expected_name = ('*.' + name_parts[-1] if len(name_parts) > 1
                         else Constants.HOSTNAME)

        cert_verifier = ServerSSLCertVerification(hostname=expected_name)
        tls_context.set_verify(SSL.VERIFY_PEER,
                               cert_verifier.get_verify_server_cert_func())

        # Alternative when the peer's CA is already in the OS bundle: call
        # tls_context.set_default_verify_paths() and skip the explicit
        # load_verify_locations() below.  Left disabled so that trust stays
        # limited to the test CA directory.

        tls_context.set_verify_depth(9)

        # Trust anchors come from a directory (second argument); no single
        # CA file is given.
        tls_context.load_verify_locations(None, Constants.CACERT_DIR)

        url_opener = build_opener(ssl_context=tls_context)
        res = url_opener.open(Constants.TEST_URI)
        self.assertTrue(res)
        body = res.read()
        print("res = %s" % body)
def set_peer_verification_for_url_hostname(ssl_context, url,
                                           if_verify_enabled=False):
    '''Install a ServerSSLCertVerification callback on ssl_context that
    checks the peer certificate against the host name found in url.

    With if_verify_enabled left False the callback is always installed.
    With if_verify_enabled True it is installed only when the context
    already has SSL.VERIFY_PEER set; a context with peer verification
    switched off is then left untouched, i.e. still unverified.

    Whenever the callback is installed, the verify mode is set to exactly
    SSL.VERIFY_PEER and the previous callback is replaced.
    '''
    # Guard clause: the caller asked to respect the current setting and the
    # context does not verify peers, so there is nothing to do.
    if if_verify_enabled and not (ssl_context.get_verify_mode()
                                  & SSL.VERIFY_PEER):
        return

    # NOTE(review): presumably urlparse_ is the standard URL parser, in
    # which case a url without a network location yields hostname None -
    # confirm how ServerSSLCertVerification treats hostname=None.
    target_host = urlparse_.urlparse(url).hostname
    verifier = ServerSSLCertVerification(hostname=target_host)
    ssl_context.set_verify(SSL.VERIFY_PEER,
                           verifier.get_verify_server_cert_func())
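    def test04_ssl_verification_with_subj_alt_name(self):
        """Connect to the test server with peer verification enabled and a
        ServerSSLCertVerification callback expecting host 'localhost'.

        The verifier is created with its default settings; going by the
        test name this exercises subject alternative name matching.
        """
        # SSLv3 is prohibited by RFC 7568 and is often compiled out of
        # current OpenSSL builds, so the context is pinned to TLS 1.2
        # instead of SSL.SSLv3_METHOD.
        ctx = SSL.Context(SSL.TLSv1_2_METHOD)

        # The verifier instance itself is passed as the verify callback.
        # NOTE(review): the expected name is the literal 'localhost' while
        # the connection goes to Constants.HOSTNAME - confirm the two agree
        # in the test environment.
        verify_callback = ServerSSLCertVerification(hostname='localhost')

        ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
        ctx.set_verify_depth(9)

        # Set correct location for CA certs to verify with: a directory of
        # CA certificates, no single CA file.
        ctx.load_verify_locations(None, Constants.CACERT_DIR)

        conn = HTTPSConnection(Constants.HOSTNAME,
                               port=Constants.PORT,
                               ssl_context=ctx)
        try:
            conn.connect()
            conn.request('GET', '/')
            resp = conn.getresponse()
            print('Response = %s' % resp.read())
        finally:
            # Release the socket even when the handshake or request fails.
            conn.close()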
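    def test04_ssl_verification_with_subj_common_name(self):
        """Connect to the test server with peer verification enabled,
        matching the expected host 'localhost' against the certificate's
        subject common name (subj_alt_name_match=False).
        """
        # TLS 1.0 is deprecated (RFC 8996); pin the context to TLS 1.2
        # instead of SSL.TLSv1_METHOD.
        ctx = SSL.Context(SSL.TLSv1_2_METHOD)

        # Explicitly set verification of peer hostname using peer certificate
        # subject common name.  Matching on the common name is a legacy
        # check; current practice is to match subjectAltName entries, so
        # this path is worth keeping only for certificates that lack them.
        verification = ServerSSLCertVerification(hostname='localhost',
                                                 subj_alt_name_match=False)

        verify_callback = verification.get_verify_server_cert_func()

        ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
        ctx.set_verify_depth(9)

        # Set correct location for CA certs to verify with: a directory of
        # CA certificates, no single CA file.
        ctx.load_verify_locations(None, Constants.CACERT_DIR)

        conn = HTTPSConnection(Constants.HOSTNAME,
                               port=Constants.PORT,
                               ssl_context=ctx)
        try:
            conn.connect()
            conn.request('GET', '/')
            resp = conn.getresponse()
            print('Response = %s' % resp.read())
        finally:
            # Release the socket even when the handshake or request fails.
            conn.close()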