The server is using a self signed certificate and the client does not trust it (loading certificate commented out).
Thus the handshake will fail as it should.
But in addition, if VerifyCallback prints x509.get_issuer().get_components, or if the function is called,
it causes another exception ('asn1 encoding routines', 'a2d_ASN1_OBJECT', 'first num too large'). This doesn't
happen if the handshake succeeds.
You can use for example x509.get_issuer().commonName but not .get_components.
I'm using
Python 2.6.1 (r261:67515, Jan 7 2009, 15:48:16)
[GCC 4.2.4 (Ubuntu 4.2.4-1ubuntu3)] on linux2
<module 'OpenSSL.version' from '/usr/local/lib/python2.6/site-packages/pyOpenSSL-0.8-py2.6-linux-i686.egg/OpenSSL/version.pyc'>
and after creating the self-signed server certificate at cert/server.pem (and possibly copying it to cert/ca.pem)
I call python server.py in one terminal and python client.py in another.
#minssl.py
#---------
import socket
import OpenSSL
# Module-wide SSL context: assigned by InitServer()/InitClient() and read by
# the socket classes below, so exactly one of the two initialisers must run
# before any socket is created.
min_sslcontext = None
# OpenSSL cipher-list string handed to Context.set_cipher_list().
CIPHERS = "HIGH:!ADH:!EXP:!MD5:@STRENGTH"
def InitServer(servercertchain, serverprivkey):
global min_sslcontext
The server is using a self signed certificate and the client does not trust it (loading certificate commented out).
Thus the handshake will fail as it should.
But in addition, if VerifyCallback prints x509.get_issuer().get_components, or if the function is called,
it causes another exception ('asn1 encoding routines', 'a2d_ASN1_OBJECT', 'first num too large'). This doesn't
happen if the handshake succeeds.
You can use for example x509.get_issuer().commonName but not .get_components.
I'm using
Python 2.6.1 (r261:67515, Jan 7 2009, 15:48:16)
[GCC 4.2.4 (Ubuntu 4.2.4-1ubuntu3)] on linux2
<module 'OpenSSL.version' from '/usr/local/lib/python2.6/site-packages/pyOpenSSL-0.8-py2.6-linux-i686.egg/OpenSSL/version.pyc'>
and after creating the self-signed server certificate at cert/server.pem (and possibly copying it to cert/ca.pem)
I call python server.py in one terminal and python client.py in another.
#minssl.py
#---------
import socket
import OpenSSL
# Module-wide SSL context: assigned by InitServer()/InitClient() and read by
# the socket classes below, so exactly one of the two initialisers must run
# before any socket is created.
min_sslcontext = None
# OpenSSL cipher-list string handed to Context.set_cipher_list().
CIPHERS = "HIGH:!ADH:!EXP:!MD5:@STRENGTH"
def InitServer(servercertchain, serverprivkey):
    """Build the module-wide server SSL context.

    Args:
        servercertchain: path of the PEM certificate chain the server presents.
        serverprivkey: path of the PEM file holding the matching private key.

    Side effects: rebinds the module global ``min_sslcontext`` and seeds
    OpenSSL's PRNG.  Verification mode is ``VERIFY_NONE``, i.e. the server
    never asks the client for a certificate.
    """
    global min_sslcontext
    # TLSv1_METHOD selects TLS 1.0 only; ``ctx`` is just a short alias for
    # the global so the global is bound before any configuration call.
    min_sslcontext = ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
    ctx.use_certificate_chain_file(servercertchain)
    ctx.use_privatekey_file(serverprivkey)
    ctx.set_verify_depth(3)
    # No client authentication: with VERIFY_NONE no client certificate is
    # requested, so VerifyCallback presumably never runs on this side.
    ctx.set_verify(OpenSSL.SSL.VERIFY_NONE, VerifyCallback)
    ctx.set_cipher_list(CIPHERS)
    # Seed OpenSSL's PRNG with up to 255 bytes from the kernel entropy source.
    OpenSSL.rand.load_file("/dev/urandom", 255)
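def InitClient(rootcert=None):
    """Build the module-wide client SSL context.

    Args:
        rootcert: iterable of PEM file paths loaded as trust anchors.  ``None``
            (the default) or an empty sequence loads none.  Because the
            verification mode is ``VERIFY_PEER``, an empty trust store means
            every server certificate fails verification and the handshake
            aborts -- the situation this report exercises.

    Side effects: rebinds the module global ``min_sslcontext`` and seeds
    OpenSSL's PRNG.

    Note: only the certificate chain is checked here; nothing in this module
    compares the server certificate against the host name the client
    connects to, so a caller needing that check must add it separately.
    """
    global min_sslcontext
    # ``None`` replaces the former mutable ``[]`` default; callers that pass
    # a list (including ``[]``) behave exactly as before.
    if rootcert is None:
        rootcert = ()
    # TLSv1_METHOD selects TLS 1.0 only; ``ctx`` is just a short alias for
    # the global so the global is bound before any configuration call.
    min_sslcontext = ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
    for rc in rootcert:
        ctx.load_verify_locations(rc)
    ctx.set_verify_depth(3)
    # VerifyCallback returns OpenSSL's own verdict (``retcode``) unchanged,
    # so the library's verification result decides whether the handshake
    # continues.
    ctx.set_verify(OpenSSL.SSL.VERIFY_PEER, VerifyCallback)
    ctx.set_cipher_list(CIPHERS)
    # Seed OpenSSL's PRNG with up to 255 bytes from the kernel entropy source.
    OpenSSL.rand.load_file("/dev/urandom", 255)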
class ClientSocket:
    """TCP client whose socket is wrapped in an SSL connection on construction.

    The handshake runs inside ``__init__``, so a verification failure raised
    through the context's callback surfaces as an exception from the
    constructor.  ``min_sslcontext`` must have been set by InitClient()
    before an instance is created.
    """

    def __init__(self, host, port):
        self.host = host
        self.sock = plain = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        plain.connect((host, port))
        self.sslconn = tls = OpenSSL.SSL.Connection(min_sslcontext, plain)
        tls.set_connect_state()
        # The report's handshake failure (and the follow-on asn1 error from
        # VerifyCallback) is raised from this call.
        tls.do_handshake()
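class ServerSocket:
    """Loopback TLS listener built on the module-wide ``min_sslcontext``.

    ``__init__`` binds and listens on ``("localhost", port)`` and wraps the
    listening socket in an SSL connection; ``accept`` hands back one
    handshaken client connection at a time.  InitServer() must have run first.
    """

    def __init__(self, port):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Lets the port be re-bound promptly when the server is restarted.
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # Loopback only: the listener is not reachable from other hosts.
        self.sock.bind(("localhost", port))
        self.sock.listen(1)  # the original passed True, i.e. a backlog of 1
        self.sslconn = OpenSSL.SSL.Connection(min_sslcontext, self.sock)
        self.sslconn.set_accept_state()

    def accept(self):
        """Accept one client and complete its TLS handshake.

        Returns:
            ``(conn, addr)`` where ``conn`` is the pyOpenSSL Connection for
            the client, already handshaken, and ``addr`` is the peer address
            from the underlying socket's ``accept``.

        Raises:
            whatever ``do_handshake`` raises when the handshake fails.
        """
        # Connection.accept() already wraps the accepted socket in a new
        # Connection that shares this listener's context.  The previous code
        # wrapped that Connection a second time, ran the handshake on the
        # outer wrapper and returned the inner one, whose own SSL object had
        # not performed the handshake.  Use the returned Connection directly.
        clientconn, clientaddr = self.sslconn.accept()
        clientconn.set_accept_state()  # harmless if accept() set it already
        clientconn.do_handshake()
        return clientconn, clientaddr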
def VerifyCallback(sslconn, x509, errnum, errdepth, retcode):
    """Verification callback installed via ``Context.set_verify``.

    Prints the issuer's ``get_components`` attribute -- the bound method
    itself, not its result; the report says even this reference triggers the
    asn1 error once the handshake has failed -- and then passes ``retcode``,
    OpenSSL's own verdict for the certificate at ``errdepth``, through
    unchanged so the verification outcome is not altered here.
    """
    issuer = x509.get_issuer()
    print(issuer.get_components)
    return retcode
# client.py
-----------
import minssl
# Trust store deliberately empty: the "cert/ca.pem" root is left out, so the
# self-signed server certificate is untrusted and the handshake is expected
# to fail inside ClientSocket().
minssl.InitClient([])
sock = minssl.ClientSocket("localhost", 1234)
# server.py
-----------
import minssl
# The same PEM file is used as both the certificate chain and the private key.
minssl.InitServer("cert/server.pem", "cert/server.pem")
sock = minssl.ServerSocket(1234)
# Blocks until a client connects; the TLS handshake happens inside accept().
insock, inaddr = sock.accept()