def test05_open_with_subj_alt_names_verification(self):
    """Open TEST_URI through an opener whose context verifies the peer.

    The expected peer name handed to ServerSSLCertVerification is a
    wildcard derived from Constants.HOSTNAME, and CA certificates are
    loaded from Constants.CACERT_DIR.
    """
    tls_ctx = SSL.Context(SSL.TLSv1_2_METHOD)

    # Derive a wildcard name for subject alternative name matching by
    # replacing the first label of the configured hostname; a hostname
    # without a dot is used unchanged.
    # NOTE(review): a two-label hostname yields '*.<tld>' here, and how
    # ServerSSLCertVerification compares a wildcard *expected* name with
    # the certificate's entries is not visible in this block - confirm
    # the match is not broader than intended.
    labels = Constants.HOSTNAME.split('.', 1)
    expected_name = ('*.' + labels[-1]) if len(labels) > 1 else Constants.HOSTNAME

    peer_check = ServerSSLCertVerification(hostname=expected_name)
    tls_ctx.set_verify(SSL.VERIFY_PEER,
                       peer_check.get_verify_server_cert_func())

    # When the peer's CA is in the bundle shipped with the OS, the default
    # verify paths could be used instead of load_verify_locations():
    # tls_ctx.set_default_verify_paths()
    tls_ctx.set_verify_depth(9)

    # Trust anchors come from the test CA directory.
    tls_ctx.load_verify_locations(None, Constants.CACERT_DIR)

    res = build_opener(ssl_context=tls_ctx).open(Constants.TEST_URI)
    self.assertTrue(res)
    print("res = %s" % res.read())
def set_peer_verification_for_url_hostname(ssl_context, url, if_verify_enabled=False):
    """Install a peer verification callback keyed to the host in *url*.

    The callback comes from a ServerSSLCertVerification built with the
    hostname parsed out of *url*, and the context's verify mode is set to
    SSL.VERIFY_PEER.

    :param ssl_context: context to configure
    :param url: URL whose hostname becomes the expected peer name
    :param if_verify_enabled: when true, the context is only touched if
        SSL.VERIFY_PEER is already part of its verify mode; when false
        (the default) peer verification is always switched on
    """
    if if_verify_enabled and not (ssl_context.get_verify_mode() & SSL.VERIFY_PEER):
        # Caller asked to respect a context that has verification off.
        return

    # NOTE(review): urlparse gives hostname None for a URL without a
    # network location; what ServerSSLCertVerification does with
    # hostname=None is not visible here - confirm it rejects the peer
    # rather than skipping the name check.
    expected_host = urlparse_.urlparse(url).hostname
    verifier = ServerSSLCertVerification(hostname=expected_host)
    ssl_context.set_verify(SSL.VERIFY_PEER,
                           verifier.get_verify_server_cert_func())
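def test04_ssl_verification_with_subj_alt_name(self):
    """Connect with peer verification against the name 'localhost'.

    ServerSSLCertVerification is built with its default matching mode,
    CA certificates are loaded from Constants.CACERT_DIR, and a GET for
    '/' is issued over the verified connection.
    """
    # TLS 1.2 instead of SSLv3: SSLv3 is prohibited by RFC 7568 and is
    # commonly compiled out of OpenSSL, and the protocol version is not
    # what this test exercises.
    ctx = SSL.Context(SSL.TLSv1_2_METHOD)

    # Pass the callback function rather than the verification object,
    # matching how the other call sites hand it to set_verify().
    # NOTE(review): the expected name is the literal 'localhost' while the
    # connection goes to Constants.HOSTNAME - presumably the same host;
    # confirm.
    verification = ServerSSLCertVerification(hostname='localhost')
    verify_callback = verification.get_verify_server_cert_func()
    ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
    ctx.set_verify_depth(9)

    # Set correct location for CA certs to verify with
    ctx.load_verify_locations(None, Constants.CACERT_DIR)

    conn = HTTPSConnection(Constants.HOSTNAME, port=Constants.PORT,
                           ssl_context=ctx)
    conn.connect()
    conn.request('GET', '/')
    resp = conn.getresponse()
    print('Response = %s' % resp.read())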
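def test04_ssl_verification_with_subj_common_name(self):
    """Connect with peer verification using the subject common name.

    Subject alternative name matching is switched off explicitly, so the
    expected name 'localhost' is checked against the certificate subject.
    CA certificates are loaded from Constants.CACERT_DIR.
    """
    # TLS 1.2 instead of TLS 1.0: TLS 1.0 is deprecated by RFC 8996 and
    # may be disabled by the local OpenSSL policy; the protocol version is
    # not what this test exercises.
    ctx = SSL.Context(SSL.TLSv1_2_METHOD)

    # Explicitly set verification of peer hostname using peer certificate
    # subject common name.
    # NOTE(review): the expected name is the literal 'localhost' while the
    # connection goes to Constants.HOSTNAME - presumably the same host;
    # confirm.
    verification = ServerSSLCertVerification(hostname='localhost',
                                             subj_alt_name_match=False)
    verify_callback = verification.get_verify_server_cert_func()
    ctx.set_verify(SSL.VERIFY_PEER, verify_callback)
    ctx.set_verify_depth(9)

    # Set correct location for CA certs to verify with
    ctx.load_verify_locations(None, Constants.CACERT_DIR)

    conn = HTTPSConnection(Constants.HOSTNAME, port=Constants.PORT,
                           ssl_context=ctx)
    conn.connect()
    conn.request('GET', '/')
    resp = conn.getresponse()
    print('Response = %s' % resp.read())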