[PYTHON-CRYPTO] Are verify callbacks global in M2Crypto?
Aaron C Spike
acspike at GMAIL.COM
Fri Oct 31 16:08:14 CET 2008
Using M2Crypto 0.18.2 on Ubuntu Hardy Heron, it seems that the callbacks
passed to Context.set_verify() are shared between Contexts and therefore
only a single callback is used. I've created a test case to illustrate
my experience.
def test_verify_cb_multiple_ctx(self):
pid = self.start_server(self.args)
try:
class VCB:
def __init__(self):
self.counter = 0
def __call__(self,ok,store):
self.counter += 1
return 1
cb1 = VCB()
cb2 = VCB()
ctx1 = SSL.Context()
ctx2 = SSL.Context()
ctx1.set_verify(SSL.verify_peer |
SSL.verify_fail_if_no_peer_cert, 9, cb1)
ctx2.set_verify(SSL.verify_peer |
SSL.verify_fail_if_no_peer_cert, 9, cb2)
s1 = SSL.Connection(ctx1)
s2 = SSL.Connection(ctx2)
try:
s1.connect(self.srv_addr)
s1.close()
s2.connect(self.srv_addr)
s2.close
except SSL.SSLError, e:
assert 0, e
finally:
self.stop_server(pid)
self.failIf(cb1.counter != cb2.counter)
======================================================================
FAIL: test_verify_cb_multiple_ctx (__main__.MiscSSLClientTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
File "tests/test_ssl.py", line 629, in test_verify_cb_multiple_ctx
self.failIf(cb1.counter != cb2.counter)
AssertionError
In the above example cb1.counter remains 0. My goal is to serve requests
on two sockets with different requirements for the clients which connect
to each. While this example is seen from the client perspective I
experience the same behavior on the server. I would appreciate advice on
how I can correct my code to function as I expect.
Thank you,
Aaron Spike
More information about the python-crypto
mailing list