[PYTHON-CRYPTO] certificate verification

eGenix Team: M.-A. Lemburg info at EGENIX.COM
Wed Nov 5 12:17:21 CET 2008

On 2008-11-04 20:59, Simon Barber wrote:
> I am writing a test case, and want to verify a certificate I've made -
> without using an SSL connection. I've tried following the certificate
> verification example in the "OpenSSL" O'Reilly book - Is this a good
> approach or is there a better way? The example code does this:
> X509_STORE_new()
> X509_STORE_load_locations()
> X509_STORE_set_detault_paths()
> X509_STORE_set_flags()
> X509_STORE_CTX_new()
> X509_STORE_CTX_init()
> X509_verify_cert()
> but some of the C functions don't appear in the M2Crypto wrappers. My first
> problem is that X509.X509_Store_Context() requires a x509_store_ctx be
> passed in - where do I get one? Next problem - what is the right way to call
> the C functions that are not wrapped? I have my root CA cert in an X509
> structure, not in a file, so I'd rather not use X509_STORE_load_locations().

I'm not sure how you'd do this in M2Crypto, but in pyOpenSSL, you'd
create an SSL Context object, load the certs and then create
a loopback Connection object to test the SSL verification.


You can even use a loopback socket object that only behaves
like a socket and never actually uses any connections.

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Nov 05 2008)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/

:::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! ::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the python-crypto mailing list