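def test_set_default_verify_paths(self):
    """
    L{Context.set_default_verify_paths} causes the platform-specific CA
    certificate locations to be used for verification purposes.

    The test performs a real TLS handshake against a public server and
    passes only if the handshake completes and the server returns data.
    """
    # Testing this requires a server with a certificate signed by one of
    # the CAs in the platform CA location.  Getting one of those costs
    # money.  Fortunately (or unfortunately, depending on your
    # perspective), it's easy to think of a public server on the
    # internet which has such a certificate.  Connecting to the network
    # in a unit test is bad, but it's the only way I can think of to
    # really test this. -exarkun

    # Arg, verisign.com doesn't speak TLSv1
    # NOTE(review): SSLv3 is obsolete (RFC 7568) and is compiled out of
    # many OpenSSL builds, so this test may fail for reasons unrelated to
    # the verify paths.  Consider a negotiated method once the remote
    # endpoint allows it.
    context = Context(SSLv3_METHOD)
    context.set_default_verify_paths()
    # Returning preverify_ok unchanged keeps OpenSSL's own verdict: a chain
    # that does not validate against the platform CA store fails the
    # handshake.  Only chain trust is checked here; nothing compares the
    # certificate's subject with the host name being connected to.
    context.set_verify(
        VERIFY_PEER,
        lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

    client = socket()
    try:
        client.connect(('verisign.com', 443))
        clientSSL = Connection(context, client)
        clientSSL.set_connect_state()
        clientSSL.do_handshake()
        clientSSL.send('GET / HTTP/1.0\r\n\r\n')
        self.assertTrue(clientSSL.recv(1024))
    finally:
        # Release the descriptor even when the connect, the handshake or
        # the assertion fails, so a failing run does not leak sockets.
        client.close()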
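def _dump_all_certs(self, cert_file, address):
    """
    Write every certificate presented by C{address} on port 443 to
    C{cert_file}, PEM-encoded, in the order the peer sent them.

    @param cert_file: text-mode file-like object; each certificate is
        written with C{cert_file.write}.
    @param address: host to connect to (port 443 is hard-coded).
    """
    # This will also include intermediate certs
    context = Context(SSLv23_METHOD)
    # NOTE(review): the CA locations are loaded, but set_verify() is never
    # called on this context, so the default verify mode applies and the
    # handshake does not reject an untrusted chain.  The certificates
    # written below are whatever the peer presented and must not be
    # treated as authenticated by whoever consumes cert_file.
    context.set_default_verify_paths()

    client = socket.socket()
    try:
        client.connect((address, 443))
        # NOTE(review): no server name (SNI) is set on the connection, so
        # a host serving several names presumably answers with its default
        # certificate -- confirm this is what callers expect.
        clientSSL = Connection(context, client)
        clientSSL.set_connect_state()
        clientSSL.do_handshake()
        # get_peer_cert_chain() returns None when the peer sent no
        # certificates; treat that as an empty chain instead of raising
        # TypeError in the loop.
        peer_chain = clientSSL.get_peer_cert_chain() or ()
        for cert in peer_chain:
            cert_file.write(dump_certificate(FILETYPE_PEM, cert).decode())
    finally:
        # Always release the socket, including on connect/handshake errors.
        client.close()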