def demo1():
print 'Test 1: As DER...'
cert1 = X509.load_cert('server.pem')
der1 = cert1.as_der()
dgst1 = MessageDigest('sha1')
dgst1.update(der1)
print 'Using M2Crypto:\n', `dgst1.final()`, '\n'
cert2 = os.popen('openssl x509 -inform pem -outform der -in server.pem')
der2 = cert2.read()
dgst2 = MessageDigest('sha1')
dgst2.update(der2)
print 'Openssl command line:\n', `dgst2.final()`, '\n'
def demo1():
print 'Test 1: As DER...'
cert1 = X509.load_cert('server.pem')
der1 = cert1.as_der()
dgst1 = MessageDigest('sha1')
dgst1.update(der1)
print 'Using M2Crypto:\n', ` dgst1.final() `, '\n'
cert2 = os.popen('openssl x509 -inform pem -outform der -in server.pem')
der2 = cert2.read()
dgst2 = MessageDigest('sha1')
dgst2.update(der2)
print 'Openssl command line:\n', ` dgst2.final() `, '\n'
def sign(self, data):
"""
Emulates the signing behavior of an ssh key agent.
"""
digest = MessageDigest('sha1')
digest.update(data)
my_data = digest.final()
return self.instance.sign(data)
def __call__(self, peerCert, host=None):
if peerCert is None:
raise NoCertificate('peer did not return certificate')
if host is not None:
self.host = host
if self.fingerprint:
if self.digest not in ('sha1', 'md5'):
raise ValueError('unsupported digest "%s"' %(self.digest))
if (self.digest == 'sha1' and len(self.fingerprint) != 40) or \
(self.digest == 'md5' and len(self.fingerprint) != 32):
raise WrongCertificate('peer certificate fingerprint length does not match')
der = peerCert.as_der()
md = MessageDigest(self.digest)
md.update(der)
digest = md.final()
if octx_to_num(digest) != int(self.fingerprint, 16):
raise WrongCertificate('peer certificate fingerprint does not match')
if self.host and self.ssl_config.fqdn_check and self.ssl_config.check:
hostValidationPassed = False
self.useSubjectAltNameOnly = False
# subjectAltName=DNS:somehost[, ...]*
try:
subjectAltName = peerCert.get_ext('subjectAltName').get_value()
if self._splitSubjectAltName(self.host, subjectAltName):
hostValidationPassed = True
elif self.useSubjectAltNameOnly:
raise WrongHost(expectedHost=self.host,
actualHost=subjectAltName,
fieldName='subjectAltName')
except LookupError:
pass
# commonName=somehost[, ...]*
if not hostValidationPassed:
hasCommonName = False
commonNames = ''
for entry in peerCert.get_subject().get_entries_by_nid(NID_commonName):
hasCommonName = True
commonName = entry.get_data().as_text()
if not commonNames:
commonNames = commonName
else:
commonNames += ',' + commonName
if self._match(self.host, commonName):
hostValidationPassed = True
break
if not hasCommonName:
raise WrongCertificate('no commonName in peer certificate')
if not hostValidationPassed:
raise WrongHost(expectedHost=self.host,
actualHost=commonNames,
fieldName='commonName')
return True
def fingerprint(x509):
der = x509.as_der()
md = MessageDigest('sha1')
md.update(der)
digest = md.final()
return hex(util.octx_to_num(digest))
def fingerprint(x509):
der = x509.as_der()
md = MessageDigest('sha1')
md.update(der)
digest = md.final()
return hex(util.octx_to_num(digest))
