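def connect_trusted_root(self, sock, root_cert, crl_certs):
    """Wrap ``sock`` in TLS, requiring the peer chain to validate against a CA bundle.

    The server certificate is first fetched on a *separate* connection
    (``ssl.get_server_certificate``) and, when a client certificate is
    configured, handed to ``verify`` together with ``crl_certs`` and the
    module-level ``flag``.  Only then is ``sock`` wrapped.

    Args:
        sock: connected plain socket to upgrade in place (``self.sock``).
        root_cert: root CA bundle.  NOTE(review): not used by this variant --
            the wrap below passes ``self.ca_certs``; the sibling variant of
            this method passes ``root_cert``.  Confirm which is intended.
        crl_certs: revocation data forwarded to ``verify``.

    Returns:
        0 when ``self.sock`` was wrapped, 1 when wrapping raised.

    Raises:
        Exception(1): when ``verify`` returns 1 (its meaning lives in
            ``verify``; presumably "certificate revoked").
    """
    self.ca_path = self.cert_path + "ca/"
    # Pre-flight fetch on a separate connection.  This is what gets checked
    # against the CRL, not the certificate the wrapped socket will see.
    server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
    global flag
    if self.cert_file:
        f = verify(server_cert, crl_certs, flag)
        if not f:
            flag = 1
        elif f == 1:
            raise Exception(1)
    else:
        # No client certificate configured: short pause before wrapping
        # (reason not recorded in the source).
        import time
        time.sleep(0.1)

    try:
        add = {"ssl_version": self.FORCE_SSL_VERSION} if self.FORCE_SSL_VERSION else {}
        add["cert_reqs"] = ssl.CERT_REQUIRED
        # try to use PyOpenSSL by default
        if PYOPENSSL_AVAILABLE:
            wrap_class = PyOpenSSLSocket
            add["keyobj"] = self.keyobj
            add["certobj"] = self.certobj
            add["keyfile"] = self.key_file
            add["certfile"] = self.cert_file
        else:
            wrap_class = ssl.SSLSocket
        self.sock = wrap_class(sock, ca_certs=self.ca_certs, **add)
        # NOTE(review): CERT_REQUIRED validates the chain, but nothing here
        # compares the handshake peer certificate with ``server_cert`` (the
        # one that passed the CRL check) or verifies the hostname.  Any
        # certificate chaining to the CA bundle is accepted for this session.
        return 0
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are no longer reported as a failed wrap.
        return 1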
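def connect_trusted_root(self, sock, root_cert, crl_certs):
    """Wrap ``sock`` in TLS against ``root_cert`` and pin the peer certificate.

    The server certificate is fetched on a *separate* connection first and,
    when a client certificate is configured, checked by ``verify`` against
    ``crl_certs``.  After the real handshake the certificate actually
    presented on ``sock`` is compared with that pre-flight copy, which closes
    the window between the two connections.

    Args:
        sock: connected plain socket to upgrade in place (``self.sock``).
        root_cert: CA bundle the peer chain must validate against.
        crl_certs: revocation data forwarded to ``verify``.

    Returns:
        0 on success, 2 when the handshake certificate differs from the
        pre-flight one (socket is closed), 1 when wrapping or the
        comparison raised.

    Raises:
        SystemExit: via ``sys.exit()`` when ``verify`` returns 1
            (its meaning lives in ``verify``; presumably "revoked").
    """
    self.ca_path = self.cert_path + "ca/"
    server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
    global flag
    if self.cert_file:
        f = verify(server_cert, crl_certs, flag)
        if not f:
            flag = 1
        elif f == 1:
            sys.exit()
    else:
        # No client certificate configured: pause before wrapping
        # (reason not recorded in the source).
        import time
        time.sleep(1)

    try:
        # PROTOCOL_SSLv23 negotiates the highest common version; on older
        # Python/OpenSSL builds that still admits SSLv3 -- consider a
        # TLS-only constant where the runtime provides one.
        self.sock = ssl.wrap_socket(
            sock,
            certfile=self.cert_file,
            keyfile=self.key_file,
            ca_certs=root_cert,
            ssl_version=ssl.PROTOCOL_SSLv23,
            cert_reqs=ssl.CERT_REQUIRED,
        )
        # Pin: the certificate on *this* session must be the one that was
        # fetched and CRL-checked above.
        dercert_after_connect = self.sock.getpeercert(True)
        cert_after_connect = ssl.DER_cert_to_PEM_cert(dercert_after_connect)
        if server_cert != cert_after_connect:
            print("\n" + _("WARNING! %s trying to replace the certificate!") % self.host + "\n")
            self.sock.close()
            return 2
        return 0
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # propagate instead of being reported as a failed wrap.
        return 1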
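def connect_trusted_server(self, sock, crl_certs):
    """Wrap ``sock`` in TLS for a server whose certificate is pinned in ``cert.list``.

    The server certificate is fetched on a *separate* connection, optionally
    CRL-checked by ``verify``, and looked up in ``<cert_path>/trusted/cert.list``
    via ``self.cert_list``.  The TLS layer itself runs with ``CERT_NONE``, so
    the only authentication of the real session is the post-handshake
    comparison below: the certificate presented on ``sock`` must equal the
    pre-flight one.  (The original computed ``cert_after_connect`` and never
    used it, which let any peer through once the pre-flight copy matched.)

    Args:
        sock: connected plain socket to upgrade in place (``self.sock``).
        crl_certs: revocation data forwarded to ``verify``.

    Returns:
        0 on success, 2 when the handshake certificate differs from the
        pre-flight one (socket is closed), 1 when wrapping raised.
        NOTE(review): when ``cert_list`` finds no entry the method falls
        through and returns ``None`` -- callers must treat that as "not
        connected".

    Raises:
        SystemExit: via ``sys.exit()`` when ``verify`` returns 1.
    """
    self.trusted_path = self.cert_path + "trusted/"
    ca_cert_list = self.trusted_path + "cert.list"
    server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
    global flag
    if self.cert_file:
        f = verify(server_cert, crl_certs, flag)
        if not f:
            flag = 1
        elif f == 1:
            sys.exit()

    HTTPSClientCertTransport.filename = self.cert_list(self.host, ca_cert_list, server_cert)
    if HTTPSClientCertTransport.filename:
        try:
            # CERT_NONE: no chain validation at all; see the pin below.
            self.sock = ssl.wrap_socket(
                sock,
                certfile=self.cert_file,
                keyfile=self.key_file,
                ssl_version=ssl.PROTOCOL_SSLv23,
                cert_reqs=ssl.CERT_NONE,
            )
            # binary_form=True returns the DER peer certificate even when
            # the TLS layer did not validate it; None (no cert sent) makes
            # DER_cert_to_PEM_cert raise and is reported as a failure.
            dercert_after_connect = self.sock.getpeercert(True)
            cert_after_connect = ssl.DER_cert_to_PEM_cert(dercert_after_connect)
            if server_cert != cert_after_connect:
                print("\n" + _("WARNING! %s trying to replace the certificate!") % self.host + "\n")
                self.sock.close()
                return 2
            return 0
        except Exception as e:
            print(e)
            # print _("Error. May be a server cert or secret key not valid ")
            # print _("or your certificate %s is not trusted") %self.cert_file
            HTTPSClientCertTransport.filename = None
            return 1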
def connect_trusted_server(self, sock, crl_certs):
    """Wrap ``sock`` in TLS for a server pinned in ``<cert_path>/trusted/cert.list``.

    The server certificate is fetched on a separate connection, optionally
    CRL-checked by ``verify``, and looked up with ``self.cert_list``; a hit
    is recorded in ``HTTPSClientCertTransport.filename``.  A miss is
    delegated to ``self.add_server_cert``.

    Args:
        sock: connected plain socket to upgrade in place (``self.sock``).
        crl_certs: revocation data forwarded to ``verify``.

    Returns:
        0 when ``self.sock`` was wrapped, 1 when wrapping raised (and
        ``filename`` is reset), otherwise whatever ``add_server_cert``
        returns.

    Raises:
        Exception(1): when ``verify`` returns 1 (semantics live in ``verify``).
    """
    self.trusted_path = self.cert_path + "trusted/"
    ca_cert_list = self.trusted_path + "cert.list"
    server_cert = ssl.get_server_certificate(addr=(self.host, self.port))
    global flag
    if self.cert_file:
        verdict = verify(server_cert, crl_certs, flag)
        # 1 is truthy, so the two tests are disjoint and order is irrelevant.
        if verdict == 1:
            raise Exception(1)
        elif not verdict:
            flag = 1

    HTTPSClientCertTransport.filename = self.cert_list(self.host, ca_cert_list, server_cert)
    if not HTTPSClientCertTransport.filename:
        return self.add_server_cert(server_cert)

    try:
        # NOTE(review): CERT_NONE with ca_certs=None means the TLS layer
        # validates nothing, and unlike the ``connect_trusted_root`` sibling
        # there is no post-handshake comparison of the peer certificate with
        # ``server_cert``.  The pin is checked on the pre-flight connection
        # only; the session on ``sock`` is effectively unauthenticated.
        wrap_kwargs = {"cert_reqs": ssl.CERT_NONE}
        if self.FORCE_SSL_VERSION:
            wrap_kwargs["ssl_version"] = self.FORCE_SSL_VERSION
        # try to use PyOpenSSL by default
        if PYOPENSSL_AVAILABLE:
            wrap_class = PyOpenSSLSocket
            wrap_kwargs.update(
                keyobj=self.keyobj,
                certobj=self.certobj,
                keyfile=self.key_file,
                certfile=self.cert_file,
            )
        else:
            wrap_class = ssl.SSLSocket
        self.sock = wrap_class(sock, ca_certs=None, **wrap_kwargs)
    except Exception:
        # Failure clears the pin so a later attempt re-resolves it.
        HTTPSClientCertTransport.filename = None
        return 1
    return 0