def client_certificate_callback(self, connection, x509, errno, depth, result):
if depth == 0 and (errno == 9 or errno == 10):
return False # expired / not yet valid
if not aj.config.data['ssl']['client_auth']['force']:
return True
user = ClientCertificateVerificator.get(aj.context).verify(x509)
return bool(user)
def client_certificate_callback(self, connection, x509, errno, depth, result):
if depth == 0 and (errno == 9 or errno == 10):
return False # expired / not yet valid
if not aj.config.data['ssl']['client_auth']['force']:
return True
user = ClientCertificateVerificator.get(aj.context).verify(x509)
return bool(user)
def get_environ(self):
"""
Wrapper to handles client certificates and writes it to environ.
"""
env = WebSocketHandler.get_environ(self)
env['SSL'] = isinstance(self.socket, gevent.ssl.SSLSocket)
env['SSL_CLIENT_AUTH_FORCE'] = (
aj.config.data['ssl']['client_auth']['force']
and aj.config.data['ssl']['client_auth']['enable'])
env['SSL_CLIENT_VALID'] = False
env['SSL_CLIENT_USER'] = None
if env['SSL']:
peer_cert = self.socket.getpeercert(True)
if peer_cert:
certificate = crypto.load_certificate(
crypto.FILETYPE_PEM,
gevent.ssl.DER_cert_to_PEM_cert(peer_cert))
env['SSL_CLIENT_CERTIFICATE'] = certificate
if certificate:
user = ClientCertificateVerificator.get(
aj.context).verify(certificate)
env['SSL_CLIENT_VALID'] = bool(user)
env['SSL_CLIENT_USER'] = user
env['SSL_CLIENT_DIGEST'] = certificate.digest('sha256')
return env
def get_environ(self):
env = SocketIOHandler.get_environ(self)
env['SSL'] = isinstance(self.socket, SSLSocket)
env['SSL_CLIENT_VALID'] = False
env['SSL_CLIENT_USER'] = None
if env['SSL']:
certificate = self.socket.get_peer_certificate()
env['SSL_CLIENT_CERTIFICATE'] = certificate
if certificate:
user = ClientCertificateVerificator.get(aj.context).verify(certificate)
env['SSL_CLIENT_VALID'] = bool(user)
env['SSL_CLIENT_USER'] = user
env['SSL_CLIENT_DIGEST'] = certificate.digest('sha1')
return env
def get_environ(self):
env = SocketIOHandler.get_environ(self)
env['SSL'] = isinstance(self.socket, SSLSocket)
env['SSL_CLIENT_VALID'] = False
env['SSL_CLIENT_USER'] = None
if env['SSL']:
certificate = self.socket.get_peer_certificate()
env['SSL_CLIENT_CERTIFICATE'] = certificate
if certificate:
user = ClientCertificateVerificator.get(
aj.context).verify(certificate)
env['SSL_CLIENT_VALID'] = bool(user)
env['SSL_CLIENT_USER'] = user
env['SSL_CLIENT_DIGEST'] = certificate.digest('sha1')
return env
def get_environ(self):
env = SocketIOHandler.get_environ(self)
env['SSL'] = isinstance(self.socket, gevent.ssl.SSLSocket)
env['SSL_CLIENT_VALID'] = False
env['SSL_CLIENT_USER'] = None
if env['SSL']:
peer_cert = self.socket.getpeercert(True)
if peer_cert:
certificate = crypto.load_certificate(crypto.FILETYPE_PEM, gevent.ssl.DER_cert_to_PEM_cert(peer_cert))
env['SSL_CLIENT_CERTIFICATE'] = certificate
if certificate:
user = ClientCertificateVerificator.get(aj.context).verify(certificate)
env['SSL_CLIENT_VALID'] = bool(user)
env['SSL_CLIENT_USER'] = user
env['SSL_CLIENT_DIGEST'] = certificate.digest('sha1')
return env
