Re: [pyOpenSSL] How can I verify client that the client is signed by me?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Wed, 17 Sep 2008 22:18:22 +0200, Sebastian Greatful <seb...@gm...> wrote:
> [snip]
>
>Any ideas on where I go wrong?

>
>50 class SSLTCPServer(TCPServer):
> 51         keyFile = "sslcert/server.key"
> 52         certFile = "sslcert/server.crt"
> 53         caFile = "sslcert/ca.crt"
> 54         def __init__(self, server_address, RequestHandlerClass):
> 55                 ctx = SSL.Context(SSL.SSLv23_METHOD)
> 56                 ctx.use_privatekey_file(self.keyFile)
> 57                 ctx.use_certificate_file(self.certFile)
> 58                 ctx.load_verify_locations(self.caFile)
> 59                 ctx.set_verify(SSL.VERIFY_PEER |
>SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE, self._verify)
> 60                 ctx.set_verify_depth(10)
> 61                 ctx.set_session_id('DFS')
> 62
> 63                 self.server_address = server_address
> 64                 self.RequestHandlerClass = RequestHandlerClass
> 65                 self.socket = socket.socket(self.address_family,
>self.socket_type)
> 66                 self.socket = SSL.Connection(ctx, self.socket)
> 67                 self.socket.bind(self.server_address)
> 68                 self.socket.listen(self.request_queue_size)
> 69
> 70         def _verify(self, conn, cert, errno, depth, retcode):
> 71                 return retcode
>

This isn't a complete example (and the line numbers would make it annoying
to actually run if it were ;).  A complete, minimal reproduction of the
problem would make it easier to diagnose.

Jean-Paul