[pyOpenSSL] How can I verify client that the client is signed by me?
Sebastian Greatful
sebastianthegreatful at gmail.com
Wed Sep 17 21:27:50 CEST 2008
-----Original message-----
From: pyopenssl-list-bounces at lists.sourceforge.net
[mailto:pyopenssl-list-bounces at lists.sourceforge.net] On behalf of Jean-Paul Calderone
Sent: 17 September 2008 20:30
To: pyopenssl-list at lists.sourceforge.net
Subject: Re: [pyOpenSSL] How can I verify client that the client is signed by me?
<snip />
>If you want to make sure the client's certificate is signed by a particular
>key which your server has, then you should specify that key's corresponding
>certificate as a trusted CA certificate (with a method of the context object,
>perhaps load_verify_locations, though there are a bunch of functions which
>do similar things, the correct one for you may depend on some other factors).
>
That's exactly what I'm trying to do. However, I can't make the
load_verify_locations function work. Executing the code below I get (<class
exceptions.AttributeError at 0x2b891d0596b0>, <exceptions.AttributeError
instance at 0x2b891ed9d758>, <traceback object at 0x2b891ed9d830>)

    def _verify(self, conn, cert, errno, depth, retcode):
        try:
            # cert is the X509 handed to the callback, not the Context,
            # so this is what raises the AttributeError above
            cert.load_verify_locations(self.caFile)
        except:
            print sys.exc_info()
>Then, make sure you respect OpenSSL's decision in the verify callback. This
>is given by the `retcode` parameter. If the client's certificate is not
>signed by a certificate you told the context object to consider a trusted CA
>certificate, `retcode` will be false. You can add whatever additional
>checks you want on top of that (i.e., for the subject's name or what have you)
>but if `retcode` is false, you should return false from the verify function.
I'd very much like to do so :) But does that mean that I should set it to
something, or check it, or what?
Best regards,
Seb