100644 56 lines (51 sloc) 2.106 kb
8fee1a4 @rndmcnlly how with SSL
rndmcnlly authored
1 ## ssl context factory helper library
2 #
9f3eb2f Added Copyright information for the code that Adam (?) wrote.
Joel Franusic authored
3 # Copyright (c) 2008, 2009 Adam Marshall Smith
4 #
5 # Permission is hereby granted, free of charge, to any person
6 # obtaining a copy of this software and associated documentation
7 # files (the "Software"), to deal in the Software without
8 # restriction, including without limitation the rights to use,
9 # copy, modify, merge, publish, distribute, sublicense, and/or sell
10 # copies of the Software, and to permit persons to whom the
11 # Software is furnished to do so, subject to the following
12 # conditions:
13 #
14 # The above copyright notice and this permission notice shall be
15 # included in all copies or substantial portions of the Software.
16 #
17 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
19 # OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
21 # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
22 # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
23 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
24 # OTHER DEALINGS IN THE SOFTWARE.
25 #
26 #
8fee1a4 @rndmcnlly how with SSL
rndmcnlly authored
27 # Idea:
28 # - allow anyone whose cert verifies
29 # - verify people using ONLY our single CA
30 # - log everyone who comes by
31
32 from OpenSSL import SSL, crypto
33
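class ServerContextFactory(object):
    """Build a server-side pyOpenSSL context that requires client certificates.

    A client is accepted only when its certificate verifies against the
    single CA in ``trustedCA``. Every verification callback is logged to
    stdout.

    Args:
        myKey: Path to one file holding both the server certificate and its
            private key (the same path is handed to both loaders).
        trustedCA: Path to the CA certificate file; it is used as the only
            trust anchor and is also advertised to connecting clients.
    """

    def __init__(self, myKey, trustedCA):
        self.myKey = myKey
        self.trustedCA = trustedCA

    def _verify(self, connection, x509, errnum, errdepth, ok):
        """Log one certificate-verification step and return OpenSSL's verdict.

        OpenSSL invokes this callback for each certificate it checks in the
        peer's chain, so a line at depth > 0 names an issuing certificate and
        not the connecting client. ``ok`` is returned unchanged: the callback
        only observes and never overrides a failed verification.
        """
        subject = x509.get_subject().commonName
        verdict = 'Allowing' if ok else 'Blocking'
        # %r, not %s: the common name of a rejected certificate is text chosen
        # by the peer, so control characters and newlines must not reach the
        # log raw. Depth and error number make the entry usable for triage.
        print('%s SSL connection from %r (depth=%d, errnum=%d)'
              % (verdict, subject, errdepth, errnum))
        return ok

    def getContext(self):
        """Return an SSL.Context that demands a client cert from trustedCA."""
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        # SSLv23_METHOD means "negotiate"; without these options the obsolete
        # SSLv2/SSLv3 protocols can still be accepted, depending on the
        # OpenSSL build in use.
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
        ctx.use_certificate_file(self.myKey)
        ctx.use_privatekey_file(self.myKey)
        # load_client_ca advertises the CA name in the certificate request;
        # load_verify_locations is what actually establishes trust.
        ctx.load_client_ca(self.trustedCA)
        ctx.load_verify_locations(self.trustedCA)
        # Without VERIFY_FAIL_IF_NO_PEER_CERT a client that presents no
        # certificate would be let through.
        ctx.set_verify(
            SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, self._verify)
        # NOTE(review): depth 1 looks intended to accept only certificates
        # issued directly by the CA; the exact counting differs between
        # OpenSSL versions, so confirm against the deployed one.
        ctx.set_verify_depth(1)
        return ctx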