[pyOpenSSL] Validating server certificate with CAcert

[Marco da S. <mar...@gm...>]

Hy all!

I''ve just started using OpenSSL and Python-OpenSSL in the past days for a project in my university.

I have a client-server app, and the server has a cert that is used to cypher the communication between client-server. (clients have no cert)

My question is, how can I validate the server cert with the CA cert ? I'm a bit lost with this, I already found how to do it directly with OpenSSL in the shell, but how do I do this in python-openssl?

This is my socket creation code, hope its ok.

Server Socket :

        self.context = SSL.Context(SSL.SSLv3_METHOD)
        self.context.use_privatekey_file('key.pem')
        self.context.use_certificate_file('cert.pem')
        self.server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.server = SSL.Connection(self.context, self.server)
        self.server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

Client socket :

            self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            self.ctx = SSL.Context(SSL.SSLv3_METHOD)
            self.ctx.set_verify(SSL.VERIFY_NONE, verify_cb)
            self.sock = SSL.Connection(self.ctx,self.sock)
            self.sock.connect((self.host, self.port))


Thanks all

Marco da Silva