M2Crypto.SSL.Checker.NoCertificate Exception

Tim H. timothy.heckman at gmail.com
Sat Mar 31 19:34:22 CEST 2012


I have a weird quirk with the M2Crypto module and I hope someone would be able to point me in the right direction.  I am working with a colleague to develop an internal tool to check SSL certificates on a list of IPv4 addresses obtained via stdin.  

We are using M2Crypto to help with validating the certificates.  If we only have it check one IPv4 address, it is able to provide us with the correct certificate and we are able to do our validation checks on the information that the SSL certificate contains.

However, if we try to check multiple IPv4 addresses we receive the "M2Crypto.SSL.Checker.NoCertificate".  There are some cases where we should be receiving this.  However, regardless of what the second or third IPv4 address is (even if it tested good as the first one), it will fail.

Context creation:

	global context

	context = M2Crypto.SSL.Context()
	if sys.platform.startswith('linux'):
		context.load_verify_info(capath="/etc/ssl/certs/") #Linux with real open SSL installed
	elif sys.platform.startswith('darwin'):
		context.load_verify_info(cafile=certfile) 
	else:
		print "Unknown platform, bail!"
		exit(1)
	context.set_allow_unknown_ca(True)
	context.set_verify(M2Crypto.SSL.verify_none,9)

Socket creation:

        conn = M2Crypto.SSL.Connection(context)
	socket.setdefaulttimeout(2.0)
	conn.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=2))
	conn.set_socket_write_timeout(M2Crypto.SSL.timeout(sec=2))
	
	try:
		conn.connect((ip,443))

The above two portions of code exist in their own functions.  The latter block gets called as part of the loop over the array of addresses.  The IP is passed from the caller.

Thank you in advance!

-Tim



More information about the Python-list mailing list