[PYTHON-CRYPTO] certificate verification
eGenix Team: M.-A. Lemburg
info at EGENIX.COM
Wed Nov 5 12:17:21 CET 2008
On 2008-11-04 20:59, Simon Barber wrote:
> I am writing a test case, and want to verify a certificate I've made -
> without using an SSL connection. I've tried following the certificate
> verification example in the "OpenSSL" O'Reilly book - Is this a good
> approach or is there a better way? The example code does this:
>
>
>
> X509_STORE_new()
>
> X509_STORE_load_locations()
>
> X509_STORE_set_detault_paths()
>
> X509_STORE_set_flags()
>
> X509_STORE_CTX_new()
>
> X509_STORE_CTX_init()
>
> X509_verify_cert()
>
>
>
> but some of the C functions don't appear in the M2Crypto wrappers. My first
> problem is that X509.X509_Store_Context() requires a x509_store_ctx be
> passed in - where do I get one? Next problem - what is the right way to call
> the C functions that are not wrapped? I have my root CA cert in an X509
> structure, not in a file, so I'd rather not use X509_STORE_load_locations().
I'm not sure how you'd do this in M2Crypto, but in pyOpenSSL, you'd
create an SSL Context object, load the certs and then create
a loopback Connection object to test the SSL verification.
http://pyopenssl.sourceforge.net/pyOpenSSL.html/
You can even use a loopback socket object that only behaves
like a socket and never actually uses any connections.
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Nov 05 2008)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
:::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
More information about the python-crypto
mailing list