[Twisted-Python] ISSLTransport.getPeerCertificate returning None?
Glyph
glyph at twistedmatrix.com
Wed Dec 11 06:48:29 MST 2013
On Dec 10, 2013, at 6:01 AM, Laurens Van Houtven <_ at lvh.io> wrote:
> Somehow, JP's e-mail did not make it into my inbox :-(
>
> Anyway, using the context factory that I got from ssl.PrivateCertificate.options() (which I think is CertificateOptions), I wasn't able to inspect the peer certificate. That's on 13.2. Using the context factory I pasted in a previous e-mail, it's now working great :)
>
> cheers
> lvh
CertificateOptions will only set 'verify' if there are certificate authorities to verify against.
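However, you can still use CertificateOptions with a wrapper, like this:

    from twisted.internet.ssl import ContextFactory
    from OpenSSL import SSL

    class TOFUVerify(ContextFactory):
        """Wrap another context factory and turn on peer verification."""

        def __init__(self, wrapped):
            self.wrapped = wrapped

        def getContext(self):
            ctx = self.wrapped.getContext()
            # VERIFY_PEER requests the peer's certificate; the callback returns
            # True for every certificate, so nothing is rejected at this point.
            ctx.set_verify(SSL.VERIFY_PEER, lambda *args: True)
            return ctx
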
since CertificateOptions sets a bunch of other options for you that might be useful.
-glyph
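
Because the verify callback in the wrapper above accepts every certificate, the trust-on-first-use decision has to be made by the application on the certificate that getPeerCertificate() returns. The following is an added example, not code from this message or from Twisted: TOFUPinStore, PinMismatch and the pin file are hypothetical names, and the caller is assumed to pass the certificate as DER bytes (for instance from OpenSSL.crypto.dump_certificate with FILETYPE_ASN1).

```python
import hashlib
import hmac
import json
import os
import tempfile


class PinMismatch(Exception):
    """The peer presented no certificate or a different one than pinned."""


class TOFUPinStore:
    """Hypothetical helper: one SHA-256 certificate fingerprint per peer."""

    def __init__(self, path):
        self.path = path
        try:
            with open(path) as f:
                self.pins = json.load(f)
        except FileNotFoundError:
            self.pins = {}

    def _save(self):
        # Write a temp file and rename it so a crash cannot truncate the pins.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)

    def check(self, peer, cert_der):
        """Return "pinned" on first contact, "match" afterwards; raise on change."""
        if not cert_der:
            # getPeerCertificate() returned None: nothing to pin, fail closed.
            raise PinMismatch("no certificate presented by %s" % peer)
        seen = hashlib.sha256(cert_der).hexdigest()
        known = self.pins.get(peer)
        if known is None:
            self.pins[peer] = seen
            self._save()
            return "pinned"
        if not hmac.compare_digest(known, seen):
            raise PinMismatch("certificate for %s changed" % peer)
        return "match"


if __name__ == "__main__":
    # Constructed byte strings stand in for DER-encoded peer certificates.
    store = TOFUPinStore(os.path.join(tempfile.mkdtemp(), "pins.json"))
    print(store.check("peer.example", b"constructed-cert-A"))  # first use
    print(store.check("peer.example", b"constructed-cert-A"))  # same cert
```

Call check() once the handshake has completed and drop the connection if it raises.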