From: Sebastian G. <seb...@gm...> - 2008-09-17 18:01:02
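# I'm building a ssl tcp server using the code below. However I'm unsure about
# how to actually verify the client's cert.


class SSLTCPServer(TCPServer):
    """TCP server whose listening socket is a pyOpenSSL connection.

    Clients must present a certificate (VERIFY_PEER together with
    VERIFY_FAIL_IF_NO_PEER_CERT). Whether a certificate is accepted is
    decided by OpenSSL's chain validation against the CA(s) in ``caFile``
    and, on top of that, by the policy check in ``_verify``.
    """

    keyFile = "sslcert/server.key"
    certFile = "sslcert/server.crt"
    # PEM file holding the CA certificate(s) allowed to issue client
    # certificates. Placeholder: must be set by the deployment. While it is
    # None no trust anchor is loaded, chain validation cannot succeed and
    # every client handshake is rejected (fail closed).
    caFile = None

    def __init__(self, server_address, RequestHandlerClass):
        """Build the SSL context and bind/listen on an SSL-wrapped socket.

        TCPServer.__init__ is not called; the attributes set below are
        assigned by hand so the plain socket can be replaced by the
        SSL.Connection before bind().
        NOTE(review): other socketserver versions may initialise further
        state in the base constructor -- confirm for the Python in use.
        """
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        # SSLv23_METHOD negotiates the protocol version; rule out the
        # obsolete SSLv2/SSLv3 so only TLS can be selected.
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
        ctx.use_privatekey_file(self.keyFile)
        ctx.use_certificate_file(self.certFile)
        if self.caFile:
            # Trust anchors for client certificates. Without them the
            # `retcode` passed to _verify can never report a valid chain.
            ctx.load_verify_locations(self.caFile)
        ctx.set_verify(
            SSL.VERIFY_PEER
            | SSL.VERIFY_FAIL_IF_NO_PEER_CERT
            | SSL.VERIFY_CLIENT_ONCE,
            self._verify,
        )
        ctx.set_verify_depth(10)
        ctx.set_session_id('DFS')

        self.server_address = server_address
        self.RequestHandlerClass = RequestHandlerClass
        plain_socket = socket.socket(self.address_family, self.socket_type)
        self.socket = SSL.Connection(ctx, plain_socket)
        self.socket.bind(self.server_address)
        self.socket.listen(self.request_queue_size)

    def _verify(self, conn, cert, errno, depth, retcode):
        """Verification callback; called once per certificate in the chain.

        ``retcode`` is OpenSSL's own verdict for ``cert`` (signature chain
        up to a loaded CA, validity period, depth limit); ``errno`` and
        ``depth`` describe the failure and the position in the chain.
        Returning a true value while ``retcode`` is false overrides that
        verdict, so a self-signed certificate that merely carries
        ``O=DFS`` in its issuer field would be accepted. The subject and
        issuer strings are chosen by whoever creates a certificate; only
        the validated chain makes them trustworthy.

        Returns True only when OpenSSL accepted the certificate and the
        additional policy (not expired, issuer organization 'DFS') holds.
        """
        if not retcode:
            # Never upgrade an OpenSSL verification failure to success.
            return False
        return not cert.has_expired() and cert.get_issuer().organizationName == 'DFS'


# Anyone got an idea about how to actually build the _verify method?
# Thanks in advance, Seb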