def check_key(cert, key, passwd='', chain=()):
"""check_key() -> cert key
Returns 1 if key can sign certificate.
"""
try:
ctx = sslip.ssl_ctx(sslip.TLSV1_CLIENT_METHOD)
cert_obj = sslip.read_pem_cert(cert)
# Convert chain certs to cert objects
cert_chain = []
for c in chain:
cert_chain.append(sslip.read_pem_cert(c))
ctx.use_cert(cert_obj, tuple(cert_chain))
key_obj = sslip.read_pem_key(key, passwd)
ctx.use_key(key_obj)
if ctx.check_key():
return 1
else:
return 0
except:
return 0
def check_key (cert, key, passwd='', chain=()):
"""check_key() -> cert key
Returns 1 if key can sign certificate.
"""
try:
ctx = sslip.ssl_ctx (sslip.TLSV1_CLIENT_METHOD)
cert_obj = sslip.read_pem_cert(cert)
# Convert chain certs to cert objects
cert_chain = []
for c in chain:
cert_chain.append(sslip.read_pem_cert(c))
ctx.use_cert(cert_obj, tuple(cert_chain))
key_obj = sslip.read_pem_key(key, passwd)
ctx.use_key(key_obj)
if ctx.check_key():
return 1
else:
return 0
except:
return 0
CERT = datafile.get_file('coro_ssl_data', 'demo-cert.txt')
KEY = datafile.get_file('coro_ssl_data', 'demo-key.txt')
KEY_PASS = datafile.get_file('coro_ssl_data', 'demo-pass.txt').strip()
DH_PARAM_512 = datafile.get_file('coro_ssl_data', 'dh_512.pem')
DH_PARAM_1024 = datafile.get_file('coro_ssl_data', 'dh_1024.pem')
except IOError:
# ignore IOErrors here ... they SHOULD only occur when building a
# frozen upgrade binary
init_defaults = 0
pass
if init_defaults:
default_cert = sslip.read_pem_cert(CERT)
default_key = sslip.read_pem_key(KEY, KEY_PASS)
default_ctx = sslip.ssl_ctx(sslip.SSLV23_METHOD)
default_ctx.use_cert(default_cert)
default_ctx.use_key(default_key)
# diffie-hellman parameters
default_ctx.set_tmp_dh(DH_PARAM_512)
default_ctx.set_options(default_ctx.get_options()
| sslip.SSL_OP_SINGLE_DH_USE)
# put these two RC4 ciphers up front, they use much less CPU than 3DES
#default_ctx.set_ciphers ('RC4-SHA:RC4-MD5:ALL')
else:
default_cert = None
default_key = None
default_ctx = None
# Helper code
ssl_default_op = sslip.SSL_OP_SINGLE_DH_USE
KEY = datafile.get_file('coro_ssl_data', 'demo-key.txt')
KEY_PASS = datafile.get_file('coro_ssl_data', 'demo-pass.txt').strip()
DH_PARAM_512 = datafile.get_file('coro_ssl_data', 'dh_512.pem')
DH_PARAM_1024 = datafile.get_file('coro_ssl_data', 'dh_1024.pem')
except IOError:
# ignore IOErrors here ... they SHOULD only occur when building a
# frozen upgrade binary
init_defaults = 0
pass
if init_defaults:
default_cert = sslip.read_pem_cert (CERT)
default_key = sslip.read_pem_key (KEY, KEY_PASS)
default_ctx = sslip.ssl_ctx (sslip.SSLV23_METHOD)
default_ctx.use_cert (default_cert)
default_ctx.use_key (default_key)
# diffie-hellman parameters
default_ctx.set_tmp_dh (DH_PARAM_512)
default_ctx.set_options (default_ctx.get_options() | sslip.SSL_OP_SINGLE_DH_USE)
# put these two RC4 ciphers up front, they use much less CPU than 3DES
#default_ctx.set_ciphers ('RC4-SHA:RC4-MD5:ALL')
else:
default_cert = None
default_key = None
default_ctx = None
# Helper code
ssl_default_op = sslip.SSL_OP_SINGLE_DH_USE
ssl_op_map = {