Below is a sample code.=20
As i understood this is the client side part of the code.
What else do i need to write its server part and should i use
use_certificate_file or privatekey_file? If so how? Please show me
with a samplke little code.
#!/usr/bin/env python
# OpenSSL example with verification - Chapter 15 - osslverify.py
#
# Command-line arguments -- root CA file, remote host
import socket, sys
from OpenSSL import SSL
# Grab the command-line parameters
#cafile, host =3D sys.argv[1:]
#
cafile =3D 'certfiles.crt'
host =3D 'www.openssl.org'
def printx509(x509):
"""Display an X.509 certificate"""
fields =3D {'country_name': 'Country',
'SP': 'State/Province',
'L': 'Locality',
'O': 'Organization',
'OU': 'Organizational Unit',
'CN': 'Common Name',
'email': 'E-Mail'}
for field, desc in fields.items():
try:
print "%30s: %s" % (desc, getattr(x509, field))
except:
pass
# Whether or not the certificate name has been verified
cnverified =3D 0
def verify(connection, certificate, errnum, depth, ok):
"""Verify a given certificate"""
global cnverified
print connection, certificate, errnum, depth, ok=09
subject =3D certificate.get_subject()
issuer =3D certificate.get_issuer()
print "Certificate from:"
printx509(subject)
print "\nIssued By:"
printx509(issuer)
if not ok:
# OpenSSL could not verify the digital signature.
print "Could not verify certificate."
return 0
# Digital signature verified. Now make sure it's for the server
# we connected to.
if subject.CN =3D=3D None or subject.CN.lower() !=3D host.lower():
print "Connected to %s, but got cert for %s" % \
(host, subject.CN)
else:
cnverified =3D 1
if depth =3D=3D 0 and not cnverified:
print "Could not verify server name; failing."
return 0
print "-" * 70
return 1=20
=20
ctx =3D SSL.Context(SSL.SSLv23_METHOD)
ctx.load_verify_locations(cafile)
# Set up the verification. Notice we pass the verify function to
# ctx.set_verify()
ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify)
print "Creating socket...",
s =3D socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print "done."
ssl =3D SSL.Connection(ctx, s)
print "Establishing SSL...",
ssl.connect((host, 443))
print "done."
print "Requesting document..."
ssl.sendall("GET / HTTP/1.0\r\n\r\n")
print "done."
while 1:
try:
buf =3D ssl.recv(4096)
except SSL.ZeroReturnError:
break
sys.stdout.write(buf)
ssl.close()
|
