Python OpenSSL.SSL.VERIFY_PEER Examples
The following are 13
code examples of OpenSSL.SSL.VERIFY_PEER().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
OpenSSL.SSL
, or try the search function
.
.
Example #1
| Source File: _validation.py From flocker with Apache License 2.0 | 6 votes |
|
def getContext(self):
default_options = self.control_credential._default_options(
self.ca_certificate)
def verify(conn, cert, errno, depth, preverify_ok):
if depth > 0:
# Certificate authority chain:
return preverify_ok
# Now we're actually verifying certificate we care about:
if not preverify_ok:
return preverify_ok
return cert.get_subject().commonName.startswith(self.prefix)
context = default_options.getContext()
context.set_verify(VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT,
verify)
return context
Example #2
| Source File: test_ssl.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 5 votes |
|
def testFailedVerify(self):
org = "twisted.test.test_ssl"
self.setupServerAndClient(
(org, org + ", client"), {},
(org, org + ", server"), {})
def verify(*a):
return False
self.clientCtxFactory.getContext().set_verify(SSL.VERIFY_PEER, verify)
serverConnLost = defer.Deferred()
serverProtocol = protocol.Protocol()
serverProtocol.connectionLost = serverConnLost.callback
serverProtocolFactory = protocol.ServerFactory()
serverProtocolFactory.protocol = lambda: serverProtocol
self.serverPort = serverPort = reactor.listenSSL(0,
serverProtocolFactory, self.serverCtxFactory)
clientConnLost = defer.Deferred()
clientProtocol = protocol.Protocol()
clientProtocol.connectionLost = clientConnLost.callback
clientProtocolFactory = protocol.ClientFactory()
clientProtocolFactory.protocol = lambda: clientProtocol
reactor.connectSSL('127.0.0.1',
serverPort.getHost().port, clientProtocolFactory, self.clientCtxFactory)
dl = defer.DeferredList([serverConnLost, clientConnLost], consumeErrors=True)
return dl.addCallback(self._cbLostConns)
Example #3
| Source File: ping.py From deskcon-desktop with GNU General Public License v3.0 | 5 votes |
|
def send_ping(ip, port):
HOST, PORT = ip, int(port)
uuid = configmanager.uuid
hostname = socket.gethostname()
jsonobj = {'uuid': uuid, 'name': hostname,
'type': "ping", 'data': ""}
data = json.dumps(jsonobj)
# Initialize context
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2|SSL.OP_NO_SSLv3) #TLS1 and up
ctx.set_verify(SSL.VERIFY_PEER, verify_cb) #Demand a certificate
ctx.use_privatekey_file(configmanager.privatekeypath)
ctx.use_certificate_file(configmanager.certificatepath)
ctx.load_verify_locations(configmanager.cafilepath)
sslclientsocket = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
succ = False
try:
sslclientsocket.connect((HOST, PORT))
sslclientsocket.sendall(data)
sslclientsocket.recv(2)
succ = True
except Exception as e:
print "Error " + str(e[0])
finally:
if (succ):
sslclientsocket.shutdown()
sslclientsocket.close()
Example #4
| Source File: sms.py From deskcon-desktop with GNU General Public License v3.0 | 5 votes |
|
def send_sms(recver, msg, ip, port, errordialog):
HOST, PORT = ip, int(port)
uuid = configmanager.uuid
hostname = socket.gethostname()
jsonobj = {'uuid': uuid, 'name': hostname,
'type': "sms", 'data': {'number': recver, 'message': msg}}
data = json.dumps(jsonobj)
# Initialize context
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2|SSL.OP_NO_SSLv3) #TLS1 and up
ctx.set_verify(SSL.VERIFY_PEER, verify_cb) #Demand a certificate
ctx.use_privatekey_file(configmanager.privatekeypath)
ctx.use_certificate_file(configmanager.certificatepath)
ctx.load_verify_locations(configmanager.cafilepath)
sslclientsocket = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
succ = False
try:
sslclientsocket.connect((HOST, PORT))
sslclientsocket.sendall(data)
sslclientsocket.recv(2)
succ = True
except Exception as e:
errnum = e[0]
print "Error " + str(e[0])
if (errnum == -5):
errordialog.format_secondary_text("The Device is not reachable. Maybe it's not on your Network")
else:
errordialog.format_secondary_text("Errornumber "+str(errnum))
errordialog.run()
errordialog.hide()
finally:
if (succ):
sslclientsocket.shutdown()
sslclientsocket.close()
Gtk.main_quit()
Example #5
| Source File: ssl.py From autopush with Mozilla Public License 2.0 | 5 votes |
|
def cacheContext(self):
"""Setup the main context factory with custom SSL settings"""
if self._context is None:
ctx = self._contextFactory(self.sslmethod)
ctx.set_cipher_list(MOZILLA_INTERMEDIATE_CIPHERS)
ctx.set_options(SSL.OP_CIPHER_SERVER_PREFERENCE)
ctx.set_options(SSL.OP_NO_SSLv2)
ctx.set_options(SSL.OP_NO_SSLv3)
ctx.set_options(SSL.OP_NO_COMPRESSION)
ctx.set_mode(SSL.MODE_RELEASE_BUFFERS)
ctx.set_options(SSL.OP_ALL & ~SSL.OP_MICROSOFT_BIG_SSLV3_BUFFER)
ctx.use_certificate_chain_file(self.certificateFileName)
ctx.use_privatekey_file(self.privateKeyFileName)
if self.dh_file:
ctx.load_tmp_dh(self.dh_file)
if self.require_peer_certs:
# Require peer certs but only for use by
# RequestHandlers
ctx.set_verify(
SSL.VERIFY_PEER |
SSL.VERIFY_CLIENT_ONCE,
self._allow_peer)
self._context = ctx
Example #6
| Source File: test_ssl.py From learn_python3_spider with MIT License | 5 votes |
|
def testFailedVerify(self):
org = "twisted.test.test_ssl"
self.setupServerAndClient(
(org, org + ", client"), {},
(org, org + ", server"), {})
def verify(*a):
return False
self.clientCtxFactory.getContext().set_verify(SSL.VERIFY_PEER, verify)
serverConnLost = defer.Deferred()
serverProtocol = protocol.Protocol()
serverProtocol.connectionLost = serverConnLost.callback
serverProtocolFactory = protocol.ServerFactory()
serverProtocolFactory.protocol = lambda: serverProtocol
self.serverPort = serverPort = reactor.listenSSL(0,
serverProtocolFactory, self.serverCtxFactory)
clientConnLost = defer.Deferred()
clientProtocol = protocol.Protocol()
clientProtocol.connectionLost = clientConnLost.callback
clientProtocolFactory = protocol.ClientFactory()
clientProtocolFactory.protocol = lambda: clientProtocol
reactor.connectSSL('127.0.0.1',
serverPort.getHost().port, clientProtocolFactory, self.clientCtxFactory)
dl = defer.DeferredList([serverConnLost, clientConnLost], consumeErrors=True)
return dl.addCallback(self._cbLostConns)
Example #7
| Source File: test_ssl.py From python-for-android with Apache License 2.0 | 5 votes |
|
def testFailedVerify(self):
org = "twisted.test.test_ssl"
self.setupServerAndClient(
(org, org + ", client"), {},
(org, org + ", server"), {})
def verify(*a):
return False
self.clientCtxFactory.getContext().set_verify(SSL.VERIFY_PEER, verify)
serverConnLost = defer.Deferred()
serverProtocol = protocol.Protocol()
serverProtocol.connectionLost = serverConnLost.callback
serverProtocolFactory = protocol.ServerFactory()
serverProtocolFactory.protocol = lambda: serverProtocol
self.serverPort = serverPort = reactor.listenSSL(0,
serverProtocolFactory, self.serverCtxFactory)
clientConnLost = defer.Deferred()
clientProtocol = protocol.Protocol()
clientProtocol.connectionLost = clientConnLost.callback
clientProtocolFactory = protocol.ClientFactory()
clientProtocolFactory.protocol = lambda: clientProtocol
clientConnector = reactor.connectSSL('127.0.0.1',
serverPort.getHost().port, clientProtocolFactory, self.clientCtxFactory)
dl = defer.DeferredList([serverConnLost, clientConnLost], consumeErrors=True)
return dl.addCallback(self._cbLostConns)
Example #8
| Source File: test_ssl.py From BitTorrent with GNU General Public License v3.0 | 5 votes |
|
def testFailedVerify(self):
org = "twisted.test.test_ssl"
self.setupServerAndClient(
(org, org + ", client"), {},
(org, org + ", server"), {})
def verify(*a):
return False
self.clientCtxFactory.getContext().set_verify(SSL.VERIFY_PEER, verify)
serverConnLost = defer.Deferred()
serverProtocol = protocol.Protocol()
serverProtocol.connectionLost = serverConnLost.callback
serverProtocolFactory = protocol.ServerFactory()
serverProtocolFactory.protocol = lambda: serverProtocol
self.serverPort = serverPort = reactor.listenSSL(0,
serverProtocolFactory, self.serverCtxFactory)
clientConnLost = defer.Deferred()
clientProtocol = protocol.Protocol()
clientProtocol.connectionLost = clientConnLost.callback
clientProtocolFactory = protocol.ClientFactory()
clientProtocolFactory.protocol = lambda: clientProtocol
clientConnector = reactor.connectSSL('127.0.0.1',
serverPort.getHost().port, clientProtocolFactory, self.clientCtxFactory)
dl = defer.DeferredList([serverConnLost, clientConnLost], consumeErrors=True)
return dl.addCallback(self._cbLostConns)
Example #9
| Source File: context-verify-callback.py From pyopenssl with Apache License 2.0 | 5 votes |
|
def go():
port = socket()
port.bind(('', 0))
port.listen(1)
called = []
def info(*args):
print count.next()
called.append(None)
return 1
context = Context(TLSv1_METHOD)
context.set_verify(VERIFY_PEER, info)
context.use_certificate(
load_certificate(FILETYPE_PEM, cleartextCertificatePEM))
context.use_privatekey(
load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))
while 1:
client = socket()
client.setblocking(False)
client.connect_ex(port.getsockname())
clientSSL = Connection(context, client)
clientSSL.set_connect_state()
server, ignored = port.accept()
server.setblocking(False)
serverSSL = Connection(context, server)
serverSSL.set_accept_state()
del called[:]
while not called:
for ssl in clientSSL, serverSSL:
try:
ssl.send('foo')
except WantReadError, e:
pass
Example #10
| Source File: _sslverify.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 4 votes |
|
def _makeContext(self):
ctx = self._contextFactory(self.method)
ctx.set_options(self._options)
ctx.set_mode(self._mode)
if self.certificate is not None and self.privateKey is not None:
ctx.use_certificate(self.certificate)
ctx.use_privatekey(self.privateKey)
for extraCert in self.extraCertChain:
ctx.add_extra_chain_cert(extraCert)
# Sanity check
ctx.check_privatekey()
verifyFlags = SSL.VERIFY_NONE
if self.verify:
verifyFlags = SSL.VERIFY_PEER
if self.requireCertificate:
verifyFlags |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
if self.verifyOnce:
verifyFlags |= SSL.VERIFY_CLIENT_ONCE
self.trustRoot._addCACertsToContext(ctx)
# It'd be nice if pyOpenSSL let us pass None here for this behavior (as
# the underlying OpenSSL API call allows NULL to be passed). It
# doesn't, so we'll supply a function which does the same thing.
def _verifyCallback(conn, cert, errno, depth, preverify_ok):
return preverify_ok
ctx.set_verify(verifyFlags, _verifyCallback)
if self.verifyDepth is not None:
ctx.set_verify_depth(self.verifyDepth)
if self.enableSessions:
name = "%s-%d" % (reflect.qual(self.__class__), _sessionCounter())
sessionName = md5(networkString(name)).hexdigest()
ctx.set_session_id(sessionName.encode('ascii'))
if self.dhParameters:
ctx.load_tmp_dh(self.dhParameters._dhFile.path)
ctx.set_cipher_list(self._cipherString.encode('ascii'))
if self._ecCurve is not None:
try:
self._ecCurve.addECKeyToContext(ctx)
except BaseException:
pass # ECDHE support is best effort only.
if self._acceptableProtocols:
# Try to set NPN and ALPN. _acceptableProtocols cannot be set by
# the constructor unless at least one mechanism is supported.
_setAcceptableProtocols(ctx, self._acceptableProtocols)
return ctx
Example #11
| Source File: filechooser.py From deskcon-desktop with GNU General Public License v3.0 | 4 votes |
|
def send_data(dialog, files, ip, port, pd):
HOST, PORT = ip, int(port)
uuid = configmanager.uuid
hostname = socket.gethostname()
filenames = []
for filepath in files:
head, name = os.path.split(filepath)
filenames.append(name)
jsonobj = {'uuid': uuid, 'name': hostname,
'type': "fileup", 'data': json.dumps(filenames)}
data = json.dumps(jsonobj)
# Initialize context
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2|SSL.OP_NO_SSLv3) #TLS1 and up
ctx.set_verify(SSL.VERIFY_PEER, verify_cb) #Demand a certificate
ctx.use_privatekey_file(configmanager.privatekeypath)
ctx.use_certificate_file(configmanager.certificatepath)
ctx.load_verify_locations(configmanager.cafilepath)
sslclientsocket = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
succ = False
try:
sslclientsocket.connect((HOST, PORT))
sslclientsocket.sendall(data)
print "wait for ack"
response = sslclientsocket.recv(2) #wait for Ack
if (response == "OK"):
# Get total transfer size
global total_size
for filepath in files: #send files
total_size = total_size + os.path.getsize(filepath)
print "send files"
for filepath in files: #send files
send_file(filepath, sslclientsocket, pd)
print "succesfully send Files"
succ = True
except Exception as e:
print "Error " + str(e)
finally:
if (succ):
sslclientsocket.shutdown()
sslclientsocket.close()
dialog.destroy()
Example #12
| Source File: _sslverify.py From learn_python3_spider with MIT License | 4 votes |
|
def _makeContext(self):
ctx = self._contextFactory(self.method)
ctx.set_options(self._options)
ctx.set_mode(self._mode)
if self.certificate is not None and self.privateKey is not None:
ctx.use_certificate(self.certificate)
ctx.use_privatekey(self.privateKey)
for extraCert in self.extraCertChain:
ctx.add_extra_chain_cert(extraCert)
# Sanity check
ctx.check_privatekey()
verifyFlags = SSL.VERIFY_NONE
if self.verify:
verifyFlags = SSL.VERIFY_PEER
if self.requireCertificate:
verifyFlags |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
if self.verifyOnce:
verifyFlags |= SSL.VERIFY_CLIENT_ONCE
self.trustRoot._addCACertsToContext(ctx)
# It'd be nice if pyOpenSSL let us pass None here for this behavior (as
# the underlying OpenSSL API call allows NULL to be passed). It
# doesn't, so we'll supply a function which does the same thing.
def _verifyCallback(conn, cert, errno, depth, preverify_ok):
return preverify_ok
ctx.set_verify(verifyFlags, _verifyCallback)
if self.verifyDepth is not None:
ctx.set_verify_depth(self.verifyDepth)
if self.enableSessions:
# 32 bytes is the maximum length supported
# Unfortunately pyOpenSSL doesn't provide SSL_MAX_SESSION_ID_LENGTH
sessionName = secureRandom(32)
ctx.set_session_id(sessionName)
if self.dhParameters:
ctx.load_tmp_dh(self.dhParameters._dhFile.path)
ctx.set_cipher_list(self._cipherString.encode('ascii'))
self._ecChooser.configureECDHCurve(ctx)
if self._acceptableProtocols:
# Try to set NPN and ALPN. _acceptableProtocols cannot be set by
# the constructor unless at least one mechanism is supported.
_setAcceptableProtocols(ctx, self._acceptableProtocols)
return ctx
Example #13
| Source File: _sslverify.py From python-for-android with Apache License 2.0 | 4 votes |
|
def _makeContext(self):
ctx = SSL.Context(self.method)
if self.certificate is not None and self.privateKey is not None:
ctx.use_certificate(self.certificate)
ctx.use_privatekey(self.privateKey)
# Sanity check
ctx.check_privatekey()
verifyFlags = SSL.VERIFY_NONE
if self.verify:
verifyFlags = SSL.VERIFY_PEER
if self.requireCertificate:
verifyFlags |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
if self.verifyOnce:
verifyFlags |= SSL.VERIFY_CLIENT_ONCE
if self.caCerts:
store = ctx.get_cert_store()
for cert in self.caCerts:
store.add_cert(cert)
# It'd be nice if pyOpenSSL let us pass None here for this behavior (as
# the underlying OpenSSL API call allows NULL to be passed). It
# doesn't, so we'll supply a function which does the same thing.
def _verifyCallback(conn, cert, errno, depth, preverify_ok):
return preverify_ok
ctx.set_verify(verifyFlags, _verifyCallback)
if self.verifyDepth is not None:
ctx.set_verify_depth(self.verifyDepth)
if self.enableSingleUseKeys:
ctx.set_options(SSL.OP_SINGLE_DH_USE)
if self.fixBrokenPeers:
ctx.set_options(self._OP_ALL)
if self.enableSessions:
sessionName = md5("%s-%d" % (reflect.qual(self.__class__), _sessionCounter())).hexdigest()
ctx.set_session_id(sessionName)
if not self.enableSessionTickets:
ctx.set_options(self._OP_NO_TICKET)
return ctx
