def _identityVerifyingInfoCallback(self, connection, where, ret): """ Override the base implementation to provide better hostname verification. @param connection: the connection which is handshaking. @type connection: L{OpenSSL.SSL.Connection} @param where: flags indicating progress through a TLS handshake. @type where: L{int} @param ret: ignored @type ret: ignored """ if where & SSL_CB_HANDSHAKE_START: _maybeSetHostNameIndication(connection, self._hostnameBytes) elif where & SSL_CB_HANDSHAKE_DONE: if self._ctx.get_verify_mode() != SSL.VERIFY_NONE: try: peer_cert = Certificate(connection.get_peer_certificate()) _matchHostname(peer_cert, self._hostname) except CertMatchError as ex: log.error(str(ex)) f = Failure() transport = connection.get_app_data() transport.failVerification(f)
def _identityVerifyingInfoCallback(self, connection, where, ret): if where & SSL_CB_HANDSHAKE_START: _maybeSetHostNameIndication(connection, self._hostnameBytes) elif where & SSL_CB_HANDSHAKE_DONE: try: verifyHostname(connection, self._hostnameASCII) except VerificationError as e: logger.warning(e)
def _identityVerifyingInfoCallback(self, connection, where, ret): if where & SSL_CB_HANDSHAKE_START: _maybeSetHostNameIndication(connection, self._hostnameBytes) elif where & SSL_CB_HANDSHAKE_DONE: try: verifyHostname(connection, self._hostnameASCII) except VerificationError as e: logger.warning( 'Remote certificate is not valid for hostname "{}"; {}' .format(self._hostnameASCII, e))
def _identityVerifyingInfoCallback(self, connection, where, ret): if where & SSL_CB_HANDSHAKE_START: _maybeSetHostNameIndication(connection, self._hostnameBytes) elif where & SSL_CB_HANDSHAKE_DONE: try: verifyHostname(connection, self._hostnameASCII) except VerificationError: f = Failure() transport = connection.get_app_data() transport.failVerification(f)
def _identityVerifyingInfoCallback(self, connection, where, ret): if where & SSL_CB_HANDSHAKE_START: _maybeSetHostNameIndication(connection, self._hostnameBytes) elif where & SSL_CB_HANDSHAKE_DONE: try: verifyHostname(connection, self._hostnameASCII) except VerificationError as e: logger.warning( 'Remote certificate is not valid for hostname "{}"; {}'.format( self._hostnameASCII, e))
def _identityVerifyingInfoCallback(self, connection, where, ret): if where & SSL_CB_HANDSHAKE_START: _maybeSetHostNameIndication(connection, self._hostnameBytes) elif where & SSL_CB_HANDSHAKE_DONE: try: verifyHostname(connection, self._hostnameASCII) except VerificationError as e: log.warn( 'Remote certificate is not valid for hostname "{}"; {}'. format(self._hostnameASCII, e)) except ValueError as e: log.warn('Ignoring error while verifying certificate ' 'from host "{}" (exception: {})'.format( self._hostnameASCII, repr(e)))
def _identityVerifyingInfoCallback(self, connection, where, ret): if where & SSL_CB_HANDSHAKE_START: _maybeSetHostNameIndication(connection, self._hostnameBytes) elif where & SSL_CB_HANDSHAKE_DONE: try: verifyHostname(connection, self._hostnameASCII) except VerificationError as e: log.warn( 'Remote certificate is not valid for hostname "{}"; {}'.format( self._hostnameASCII, e)) except ValueError as e: log.warn( 'Ignoring error while verifying certificate ' 'from host "{}" (exception: {})'.format( self._hostnameASCII, repr(e)))