def verify_gtalk_cert(xmpp_client):
"""
Hack specific for google apps domains with SRV entries.
It needs to fid the SSL certificate of google and not the one for your domain
"""
hosts = resolver.get_SRV(xmpp_client.boundjid.server,
5222,
xmpp_client.dns_service,
resolver=resolver.default_resolver())
it_is_google = False
for host, _ in hosts:
if host.lower().find('google.com') > -1:
it_is_google = True
if it_is_google:
raw_cert = xmpp_client.socket.getpeercert(binary_form=True)
try:
if cert.verify('talk.google.com', raw_cert):
logging.info('google cert found for %s',
xmpp_client.boundjid.server)
return
except cert.CertificateError:
pass
logging.error("invalid cert received for %s", xmpp_client.boundjid.server)
def ssl_invalid_cert(self, raw_cert):
"""Handle an invalid certificate from the Jabber server
This may happen if the domain is using Google Apps
for their XMPP server and the XMPP server."""
hosts = resolver.get_SRV(self.boundjid.server,
5222,
'xmpp-client',
resolver=resolver.default_resolver())
domain_uses_google = False
for host, _ in hosts:
if host.lower()[-10:] == 'google.com':
domain_uses_google = True
if domain_uses_google:
try:
if cert.verify('talk.google.com',
ssl.PEM_cert_to_DER_cert(raw_cert)):
logging.debug('Google certificate found for %s',
self.boundjid.server)
return
except cert.CertificateError:
pass
logging.error("Invalid certificate received for %s",
self.boundjid.server)
self.disconnect()
def verify_gtalk_cert(self, raw_cert):
hosts = resolver.get_SRV(self.boundjid.server, 5222,
self.dns_service,
resolver=resolver.default_resolver())
it_is_google = False
for host, _ in hosts:
if host.lower().find('google.com') > -1:
it_is_google = True
if it_is_google:
try:
if cert.verify('talk.google.com', ssl.PEM_cert_to_DER_cert(raw_cert)):
logging.info('google cert found for %s',
self.boundjid.server)
return
except cert.CertificateError:
pass
logging.error("invalid cert received for %s",
self.boundjid.server)
def verify_gtalk_cert(self, raw_cert):
hosts = resolver.get_SRV(self.boundjid.server,
5222,
self.dns_service,
resolver=resolver.default_resolver())
it_is_google = False
for host, _ in hosts:
if host.lower().find('google.com') > -1:
it_is_google = True
if it_is_google:
try:
if cert.verify('talk.google.com',
ssl.PEM_cert_to_DER_cert(raw_cert)):
logging.info('google cert found for %s',
self.boundjid.server)
return
except cert.CertificateError:
pass
logging.error("invalid cert received for %s", self.boundjid.server)
def ssl_invalid_cert(self, raw_cert):
"""Handle an invalid certificate from the Jabber server
This may happen if the domain is using Google Apps
for their XMPP server and the XMPP server."""
hosts = resolver.get_SRV(self.boundjid.server, 5222,
'xmpp-client',
resolver=resolver.default_resolver())
domain_uses_google = False
for host, _ in hosts:
if host.lower()[-10:] == 'google.com':
domain_uses_google = True
if domain_uses_google:
try:
if cert.verify('talk.google.com', ssl.PEM_cert_to_DER_cert(raw_cert)):
logging.debug('Google certificate found for %s', self.boundjid.server)
return
except cert.CertificateError:
pass
logging.error("Invalid certificate received for %s", self.boundjid.server)
self.disconnect()
def verify_gtalk_cert(xmpp_client):
"""
Hack specific for google apps domains with SRV entries.
It needs to fid the SSL certificate of google and not the one for your domain
"""
hosts = resolver.get_SRV(xmpp_client.boundjid.server, 5222,
xmpp_client.dns_service,
resolver=resolver.default_resolver())
it_is_google = False
for host, _ in hosts:
if host.lower().find('google.com') > -1:
it_is_google = True
if it_is_google:
raw_cert = xmpp_client.socket.getpeercert(binary_form=True)
try:
if cert.verify('talk.google.com', raw_cert):
log.info('google cert found for %s', xmpp_client.boundjid.server)
return
except cert.CertificateError:
pass
log.error("invalid cert received for %s", xmpp_client.boundjid.server)
