def verify_gtalk_cert(xmpp_client): """ Hack specific for google apps domains with SRV entries. It needs to fid the SSL certificate of google and not the one for your domain """ hosts = resolver.get_SRV(xmpp_client.boundjid.server, 5222, xmpp_client.dns_service, resolver=resolver.default_resolver()) it_is_google = False for host, _ in hosts: if host.lower().find('google.com') > -1: it_is_google = True if it_is_google: raw_cert = xmpp_client.socket.getpeercert(binary_form=True) try: if cert.verify('talk.google.com', raw_cert): logging.info('google cert found for %s', xmpp_client.boundjid.server) return except cert.CertificateError: pass logging.error("invalid cert received for %s", xmpp_client.boundjid.server)
def ssl_invalid_cert(self, raw_cert): """Handle an invalid certificate from the Jabber server This may happen if the domain is using Google Apps for their XMPP server and the XMPP server.""" hosts = resolver.get_SRV(self.boundjid.server, 5222, 'xmpp-client', resolver=resolver.default_resolver()) domain_uses_google = False for host, _ in hosts: if host.lower()[-10:] == 'google.com': domain_uses_google = True if domain_uses_google: try: if cert.verify('talk.google.com', ssl.PEM_cert_to_DER_cert(raw_cert)): logging.debug('Google certificate found for %s', self.boundjid.server) return except cert.CertificateError: pass logging.error("Invalid certificate received for %s", self.boundjid.server) self.disconnect()
def verify_gtalk_cert(self, raw_cert): hosts = resolver.get_SRV(self.boundjid.server, 5222, self.dns_service, resolver=resolver.default_resolver()) it_is_google = False for host, _ in hosts: if host.lower().find('google.com') > -1: it_is_google = True if it_is_google: try: if cert.verify('talk.google.com', ssl.PEM_cert_to_DER_cert(raw_cert)): logging.info('google cert found for %s', self.boundjid.server) return except cert.CertificateError: pass logging.error("invalid cert received for %s", self.boundjid.server)
def verify_gtalk_cert(xmpp_client): """ Hack specific for google apps domains with SRV entries. It needs to fid the SSL certificate of google and not the one for your domain """ hosts = resolver.get_SRV(xmpp_client.boundjid.server, 5222, xmpp_client.dns_service, resolver=resolver.default_resolver()) it_is_google = False for host, _ in hosts: if host.lower().find('google.com') > -1: it_is_google = True if it_is_google: raw_cert = xmpp_client.socket.getpeercert(binary_form=True) try: if cert.verify('talk.google.com', raw_cert): log.info('google cert found for %s', xmpp_client.boundjid.server) return except cert.CertificateError: pass log.error("invalid cert received for %s", xmpp_client.boundjid.server)