ssl server

Seb sebastianthegreatful at gmail.com
Thu Sep 18 09:59:17 CEST 2008


On Sep 17, 7:33 pm, Seb <sebastianthegreat... at gmail.com> wrote:
> I'm making a ssl server, but I'm not sure how I can verify the
> clients. What do I actually need to place in _verify to actually
> verify that the client cert is signed by me?
>
>  50 class SSLTCPServer(TCPServer):
>  51         keyFile = "sslcert/server.key"
>  52         certFile = "sslcert/server.crt"
>  53         def __init__(self, server_address, RequestHandlerClass):
>  54                 ctx = SSL.Context(SSL.SSLv23_METHOD)
>  55                 ctx.use_privatekey_file(self.keyFile)
>  56                 ctx.use_certificate_file(self.certFile)
>  57                 ctx.set_verify(SSL.VERIFY_PEER |
> SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE,
> self._verify)
>  58                 ctx.set_verify_depth(10)
>  59                 ctx.set_session_id('DFS')
>  60
>  61                 self.server_address = server_address
>  62                 self.RequestHandlerClass = RequestHandlerClass
>  63                 self.socket = socket.socket(self.address_family,
> self.socket_type)
>  64                 self.socket = SSL.Connection(ctx, self.socket)
>  65                 self.socket.bind(self.server_address)
>  66                 self.socket.listen(self.request_queue_size)
>  67
>  68         def _verify(self, conn, cert, errno, depth, retcode):
>  69                 return not cert.has_expired() and
> cert.get_issuer().organizationName == 'DFS'


Simply return retcode and it will work... assuming you have the certs
setup properly.



More information about the Python-list mailing list