def VerifyCertificate(filename): """Verifies a SSL certificate. @type filename: string @param filename: Path to PEM file """ try: cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, io.ReadFile(filename)) except Exception as err: # pylint: disable=W0703 return (constants.CV_ERROR, "Failed to load X509 certificate %s: %s" % (filename, err)) (errcode, msg) = \ x509.VerifyX509Certificate(cert, constants.SSL_CERT_EXPIRATION_WARN, constants.SSL_CERT_EXPIRATION_ERROR) if msg: fnamemsg = "While verifying %s: %s" % (filename, msg) else: fnamemsg = None if errcode is None: return (None, fnamemsg) elif errcode == x509.CERT_WARNING: return (constants.CV_WARNING, fnamemsg) elif errcode == x509.CERT_ERROR: return (constants.CV_ERROR, fnamemsg) raise errors.ProgrammerError("Unhandled certificate error code %r" % errcode)
def VerifyCertificate(filename): """Verifies a SSL certificate. @type filename: string @param filename: Path to PEM file """ try: cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, io.ReadFile(filename)) except Exception, err: # pylint: disable=W0703 return (constants.CV_ERROR, "Failed to load X509 certificate %s: %s" % (filename, err)) (errcode, msg) = \ x509.VerifyX509Certificate(cert, constants.SSL_CERT_EXPIRATION_WARN, constants.SSL_CERT_EXPIRATION_ERROR) if msg: fnamemsg = "While verifying %s: %s" % (filename, msg) else: fnamemsg = None if errcode is None: return (None, fnamemsg) elif errcode == x509.CERT_WARNING: return (constants.CV_WARNING, fnamemsg) elif errcode == x509.CERT_ERROR: return (constants.CV_ERROR, fnamemsg) raise errors.ProgrammerError("Unhandled certificate error code %r" % errcode)