From: Ajay <abr...@ma...> - 2004-10-04 00:13:35
Quoting Martin Sjögren <msj...@gm...>:

> On Sat, 2 Oct 2004 14:54:57 +1000, Ajay <abr...@ma...> wrote:
> > hi!
> >
> > i added a callback for set_verify.
> > ctx.set_verify(VERIFY_NONE, verify)
> >
> > in verify, i put a print statement and it gets called twice - once for
> > CA.cert and once for server.cert. Shouldn't it get called only once, for
> > server.cert
>
> No, the callback gets called once for every cert in the cert chain,
> starting with the root and ending with the server's cert. One of the
> arguments is the depth, I don't recall off hand.
>
> > also how would you verify the server certificate? what would you add to
> > verify()
>
> Well, for starters I'd use SSL.VERIFY_PEER rather than VERIFY_NONE ;)
> You should probably read the man page for SSL_CTX_set_verify_callback,
> this is basic openssl stuff.
>

SSL_CTX_set_verify_callback says you can pass a NULL for the callback in
which case the OpenSSL built in verify is used to perform the verification
(which should be sufficient for most cases).
So how do i get it to use the built in 'verify'.
ctx.set_verify(VERIFY_PEER, None) is an error

all i really want to do is verify that the certificate presented by the
server is authentic, which should be handled by the built in function.

cheers

>
> /Martin
>
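
One way to keep OpenSSL's built-in verdict while still passing a callback to `set_verify`, as an added example that is not part of the original message or of pyOpenSSL itself. The names `make_verify_callback`, `make_context` and `CA_FILE` are hypothetical, and the callback signature `(conn, cert, errnum, depth, ok)` is the one pyOpenSSL passes.

```python
# Added example; helper names and CA_FILE are assumptions, not from the thread.
import logging

log = logging.getLogger("tls.verify")
CA_FILE = "CA.cert"  # assumed path to the trusted CA certificate


def make_verify_callback(seen):
    """Return a set_verify callback that records each call in `seen`.

    OpenSSL invokes the callback once per certificate in the chain.
    `ok` is the built-in check's result for that certificate (1 or 0),
    `errnum` is the X509 verify error code, and `depth` is the position
    in the chain (0 is the server's own certificate).
    """
    def verify_cb(conn, cert, errnum, depth, ok):
        subject = cert.get_subject().commonName
        seen.append((depth, subject, errnum, bool(ok)))
        if not ok:
            log.warning("depth=%d subject=%s rejected, error %d",
                        depth, subject, errnum)
        # Pass the built-in verdict through unchanged. Returning True
        # unconditionally here would accept any certificate.
        return bool(ok)
    return verify_cb


def chain_accepted(seen):
    """True only if at least one cert was checked and none was rejected."""
    return bool(seen) and all(ok for _, _, _, ok in seen)


def make_context(seen, ca_file=CA_FILE):
    """Build a client context that requires a valid server chain."""
    # Imported lazily so the callback can be exercised without pyOpenSSL.
    from OpenSSL import SSL

    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.load_verify_locations(ca_file)  # trust anchor(s) for the chain
    ctx.set_verify(SSL.VERIFY_PEER, make_verify_callback(seen))
    return ctx
```

With `VERIFY_PEER` set and the callback returning `ok`, the handshake fails whenever the built-in chain check fails; `seen` then shows which depth was rejected and with which error code.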