Hi, I have a small problem using M2Crypto for SSL certificate verification. I have a client and a server that want to get their certificates verified by the other in order to start the communication. I am able to get the server certificate verified by the client, but not the client certificate in the server.
I have attached the code which I use for this. Kindly tell me where I have gone wrong. I would appreciate a quick reply, since I have not been able to make progress in my project due to this problem. I am using Python version 2.6.1 on Ubuntu 8.10. I have OpenSSL version 0.9.8 and SWIG 1.33. The M2Crypto I am using is 0.18. I am also using my own CA to sign the certificates. The CA certificates are available to both the server and the client. Please let me know if you require additional information on this. Thanks, Karthik
# client.py
import sys
from M2Crypto import SSL

HOST = "127.0.0.1"
PORT = 5050


class client:
    def run(self):
        con = SSL.Context('tlsv1')
        #con.load_verify_locations('cacert.pem','/home/kchandr1/Desktop/sc/')
        ##con.load_verify_locations('cacert.pem')
        #con.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth = 9)
        con.load_client_ca('cacert.pem')
        # client certificate and key that the server is expected to verify
        con.load_cert(certfile="client_crt.pem", keyfile="client_key.pem")
        con.set_client_CA_list_from_file('cacert.pem')
        c = SSL.Connection(con)
        c.connect((HOST, PORT))
        if c.get_peer_cert() is not None:
            print "Server Certificate verified"
            print c.get_verify_result()
            print c.get_peer_cert()
        else:
            print "CLIENT: Not able to get certificate"
            sys.exit()
        data = raw_input("Enter")
        while data:
            c.send(data)
            data = raw_input("Enter to pass to server")
        c.close()


if __name__ == "__main__":
    client1 = client()
    try:
        client1.run()
    except KeyboardInterrupt:
        print "Keyboard Interrupt received"
# server.py
import sys
from M2Crypto import SSL

HOST = "127.0.0.1"
PORT = 5050
BACKLOG = 5


class server:
    def run(self):
        con = SSL.Context('tlsv1')
        con.load_client_ca('cacert.pem')
        con.load_cert(certfile="server_crt.pem", keyfile="server_key.pem")
        con.load_verify_locations('cacert.pem')
        # as posted this line is commented out; a server only sends a certificate
        # request to the client when verify_peer is set on its context
        #con.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth = 9)
        bindsocket = SSL.Connection(con)
        bindsocket.bind((HOST, PORT))
        bindsocket.listen(BACKLOG)
        print "waiting for connection"
        (connectsocket, fromaddress) = bindsocket.accept()
        # inspect the accepted connection, not a fresh, unconnected SSL.Connection
        if connectsocket.get_peer_cert() is not None:
            print "Client Certificate verified"
            print connectsocket.get_verify_result()
        else:
            print "Server: Not able to get certificate"
            print connectsocket.get_verify_result()
            print connectsocket.get_peer_cert()
            sys.exit()
        data = connectsocket.read()
        while data:
            print data
            data = connectsocket.read()
        connectsocket.write('200 OK\r\n\r\n')
        connectsocket.close()
        bindsocket.close()


if __name__ == "__main__":
    s = server()
    try:
        s.run()
    except KeyboardInterrupt:
        print "Keyboard Interrupt received"
-- http://mail.python.org/mailman/listinfo/python-list
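The point the server code above turns on, shown as an added example that is not the poster's code and uses the standard-library ssl module rather than M2Crypto: a TLS server only receives a client certificate when it asks for one, which in M2Crypto is `set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, ...)` and in the ssl module is `verify_mode = ssl.CERT_REQUIRED`, together with the CA loaded into the server context. The example builds a throwaway CA plus CA-signed server and client certificates with the `openssl` command-line tool (the subjects "Demo Test CA", "localhost" and `CLIENT_CN` are assumed names, and the PKI is constructed data), then runs the same handshake three ways: the posted server's setting (no verification, the peer certificate comes back as `None`), the corrected server (the client's commonName is visible and verified against the CA), and the corrected server against a client that presents no certificate (the handshake fails closed).

```python
# Added example (not the poster's M2Crypto code): standard-library ssl, mutual TLS.
import shutil
import socket
import ssl
import subprocess
import tempfile
import threading

CLIENT_CN = "mtls-client"   # assumed subject of the constructed client certificate


def make_pki(workdir):
    """Constructed throwaway PKI via the openssl CLI: CA, server cert, client cert."""
    def openssl(*args):
        subprocess.run(["openssl", *args], check=True, capture_output=True, cwd=workdir)

    def issue(name, subject, extensions):
        # CSR signed by the CA; extensions go through a file for `x509 -req -extfile`
        with open(f"{workdir}/{name}.ext", "w") as f:
            f.write(extensions)
        openssl("req", "-new", "-newkey", "rsa:2048", "-nodes", "-subj", subject,
                "-keyout", f"{name}.key", "-out", f"{name}.csr")
        openssl("x509", "-req", "-days", "1", "-in", f"{name}.csr", "-CA", "ca.pem",
                "-CAkey", "ca.key", "-CAcreateserial", "-extfile", f"{name}.ext",
                "-out", f"{name}.pem")

    openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
            "-subj", "/CN=Demo Test CA", "-keyout", "ca.key", "-out", "ca.pem")
    issue("server", "/CN=localhost", "subjectAltName=DNS:localhost\nextendedKeyUsage=serverAuth\n")
    issue("client", f"/CN={CLIENT_CN}", "extendedKeyUsage=clientAuth\n")
    return {n: f"{workdir}/{n}" for n in
            ("ca.pem", "server.pem", "server.key", "client.pem", "client.key")}


def serve_once(ctx, listener, outcome):
    """Server side: accept one client, record what the handshake revealed about it."""
    conn, _ = listener.accept()
    conn.settimeout(10)
    try:
        with ctx.wrap_socket(conn, server_side=True) as tls:   # handshake happens here
            outcome["peer"] = tls.getpeercert()    # None if no client cert was presented
            tls.sendall(b"200 OK\r\n\r\n")
    except OSError as exc:                         # ssl.SSLError is an OSError subclass
        outcome["error"] = getattr(exc, "reason", None) or type(exc).__name__
    finally:
        conn.close()


def client_once(ctx, port):
    """Client side: connect, verify the server, return its reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            return tls.recv(64)


def run_scenario(pki, server_verify_mode, client_has_cert):
    """One handshake: server with server_verify_mode, client with or without a cert."""
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.load_cert_chain(pki["server.pem"], pki["server.key"])
    server_ctx.load_verify_locations(pki["ca.pem"])     # CA the client cert must chain to
    server_ctx.verify_mode = server_verify_mode         # CERT_NONE: no certificate request at all

    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check by default
    client_ctx.load_verify_locations(pki["ca.pem"])
    if client_has_cert:
        client_ctx.load_cert_chain(pki["client.pem"], pki["client.key"])

    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))                     # ephemeral port
    listener.listen(1)
    listener.settimeout(10)
    outcome = {}
    server = threading.Thread(target=serve_once, args=(server_ctx, listener, outcome))
    server.start()
    try:
        outcome["reply"] = client_once(client_ctx, listener.getsockname()[1])
    except OSError as exc:
        outcome["client_error"] = type(exc).__name__
    server.join()
    listener.close()
    return outcome


def peer_cn(cert):
    """commonName from a getpeercert() dict, or None when there is no certificate."""
    if not cert:
        return None
    return dict(rdn[0] for rdn in cert["subject"]).get("commonName")


def run_demo():
    """The posted server (no set_verify) beside the fixed one; None if openssl is missing."""
    if shutil.which("openssl") is None:
        return None
    with tempfile.TemporaryDirectory() as workdir:
        pki = make_pki(workdir)
        return {
            "no_verify": run_scenario(pki, ssl.CERT_NONE, client_has_cert=True),
            "verify_required": run_scenario(pki, ssl.CERT_REQUIRED, client_has_cert=True),
            "verify_required_no_cert": run_scenario(pki, ssl.CERT_REQUIRED, client_has_cert=False),
        }


if __name__ == "__main__":
    for name, outcome in (run_demo() or {}).items():
        print(name, "-> client CN:", peer_cn(outcome.get("peer")), "error:", outcome.get("error"))
```

Running it prints `no_verify -> client CN: None`, `verify_required -> client CN: mtls-client`, and an error (no peer) for the third scenario. The `no_verify` case is the posted server: the client has a certificate loaded but is never asked for it, so `getpeercert()` is `None` no matter which `load_*` calls the server made. The M2Crypto equivalent of `CERT_REQUIRED` is the commented-out `set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, ...)`; `verify_fail_if_no_peer_cert` is what turns the third scenario into a handshake failure instead of a silently anonymous client.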