def __init__(self, cert, *args):
try:
# read the certificate
c = open(cert, "r").read()
# extract the publickey information
pki = extractPubKey(c)
# store its SHA256 hash
self.pHash = SHA256.new(pki).digest()
except:
raise IOError, ("Can't open certificate: %s" % cert)
HTTPSConnection.__init__(self, *args)
def connect(self):
"""
Connect to the HTTPs server.
"""
HTTPSConnection.connect(self)
# get the server certificate
derc = self.sock.getpeercert(True)
# the following conversion is a bit backwards
# but seems to do the trick
pemc = ssl.DER_cert_to_PEM_cert(derc)
# extract the public key info
spki = extractPubKey(pemc)
# compute the sha256 hash
sHash = SHA256.new(spki).digest()
# compare the certificates
if self.pHash != sHash:
raise ValueError, "Certificate of the server could not be validated!"
