Using HTTPSConnection and verifying server's CRT

Marc Poulhiès marc.poulhies at NO-SP4Mepfl.ch
Mon Jan 31 11:41:30 EST 2005


ngps at netmemetic.com (Ng Pheng Siong) writes:

Hi,

> According to Marc Poulhiès  <marc.poulhiesNO-SP4M at epfl.ch>:
>> I tried to see if M2Crypto has this possibility, but from my tests
>> and from what I can find on the website, it seems not :/
>
> How did you test and where on the website does it say not?

I did things like this:
    import M2Crypto.httpslib

    # no SSL.Context is passed in, so the connection uses default SSL settings
    con = M2Crypto.httpslib.HTTPSConnection("some_secure_server")
    con.request("GET", "/")

I tried to play with optional parameters (strict, debuglevel, etc) to
see if it was saying that it will not check server's CRT or some other
debug message dealing with server's certificate, but it is always
returning the webpage without saying anything :)

I did not say that M2C's doc stated clearly that this was not possible
(that's why I wrote "seems"), but I couldn't find something stating it
was possible (I tried google, API docs).

>> Can someone confirm to me that this is not possible or point me to
>> something that could help me?
>
> M2Crypto does server cert verification. With M2Crypto's httpslib, you pass
> in an SSL.Context instance to the HTTPSConnection constructor to configure
> the SSL; one of the config knobs is cert verification. So, redo your test,
> satisfy yourself that this is doable, and send me your code to include as
> an example in the distribution. ;-)

Ok, sorry for that. Maybe with more reading I could have spotted
this. I'll try that tomorrow and give my code if I have something
working!


> M2Crypto even does client certs. Since Apr 2000, according to the very last
> blog entry on the ZServerSSL page.

Yes, I did try this and have my client authenticated to the server.

Thanks for this quick and clear answer ;)

Marc
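
Added example, not part of the original thread and not code from the M2Crypto distribution: the setup Ng Pheng Siong describes above, an SSL.Context with certificate verification switched on and passed to the HTTPSConnection constructor. The function names, the CA bundle path argument and the verification depth of 9 are assumptions made for illustration.

```python
import os


def make_verifying_context(cafile, depth=9):
    """Return an M2Crypto SSL.Context that refuses unverifiable server certs."""
    # Fail early: a missing CA bundle must never degrade to "no verification".
    if not os.path.isfile(cafile):
        raise FileNotFoundError("CA bundle not found: %s" % cafile)
    # Imported here so the path check above runs even where M2Crypto is absent.
    from M2Crypto import SSL

    ctx = SSL.Context()
    # verify_peer aborts the handshake when the server's chain does not
    # validate against cafile. verify_fail_if_no_peer_cert is the customary
    # companion flag; OpenSSL only acts on it in server mode.
    ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth)
    # load_verify_locations() reports failure through its return value,
    # so the result has to be checked explicitly.
    if ctx.load_verify_locations(cafile) != 1:
        raise ValueError("no CA certificates loaded from %s" % cafile)
    return ctx


def fetch(host, cafile, path="/"):
    """GET path from host over TLS; the handshake fails on an untrusted cert."""
    from M2Crypto import httpslib

    ctx = make_verifying_context(cafile)
    con = httpslib.HTTPSConnection(host, ssl_context=ctx)
    try:
        con.request("GET", path)
        resp = con.getresponse()
        return resp.status, resp.read()
    finally:
        con.close()


if __name__ == "__main__":
    import sys

    # Usage (hypothetical file name): python verify_fetch.py HOST CA_BUNDLE.pem
    status, body = fetch(sys.argv[1], sys.argv[2])
    print(status, len(body))
```

Pointing cafile at a bundle that does not contain the server's issuing CA is a quick way to confirm that the request now fails during the handshake instead of returning the page.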


