OXIESEC PANEL
- Current Dir:
/
/
usr
/
lib
/
python3
/
dist-packages
/
ndg
/
httpsclient
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
07/12/2020 04:36:18 PM
rwxr-xr-x
📄
LICENSE
1.56 KB
09/01/2017 10:56:40 AM
rw-r--r--
📄
__init__.py
390 bytes
09/01/2017 10:56:40 AM
rw-r--r--
📁
__pycache__
-
07/12/2020 04:36:18 PM
rwxr-xr-x
📄
https.py
4.72 KB
09/01/2017 10:56:40 AM
rw-r--r--
📄
ssl_context_util.py
3.38 KB
09/01/2017 10:56:40 AM
rw-r--r--
📄
ssl_peer_verification.py
9.48 KB
09/01/2017 10:56:40 AM
rw-r--r--
📄
ssl_socket.py
9.13 KB
09/01/2017 10:56:40 AM
rw-r--r--
📄
subj_alt_name.py
5.99 KB
09/01/2017 10:56:40 AM
rw-r--r--
📁
test
-
07/12/2020 04:36:18 PM
rwxr-xr-x
📄
urllib2_build_opener.py
2.63 KB
09/01/2017 10:56:40 AM
rw-r--r--
📄
utils.py
15.33 KB
09/01/2017 10:56:40 AM
rw-r--r--
Editing: ssl_context_util.py
Close
"""ndg_httpsclient SSL Context utilities module containing convenience routines for setting SSL context configuration. """ __author__ = "P J Kershaw (STFC)" __date__ = "09/12/11" __copyright__ = "(C) 2012 Science and Technology Facilities Council" __license__ = "BSD - see LICENSE file in top-level directory" __contact__ = "Philip.Kershaw@stfc.ac.uk" __revision__ = '$Id$' import sys if sys.version_info[0] > 2: import urllib.parse as urlparse_ else: import urlparse as urlparse_ from OpenSSL import SSL from ndg.httpsclient.ssl_peer_verification import ServerSSLCertVerification class SSlContextConfig(object): """ Holds configuration options for creating a SSL context. This is used as a template to create the contexts with specific verification callbacks. """ def __init__(self, key_file=None, cert_file=None, pem_file=None, ca_dir=None, verify_peer=False): self.key_file = key_file self.cert_file = cert_file self.pem_file = pem_file self.ca_dir = ca_dir self.verify_peer = verify_peer def make_ssl_context_from_config(ssl_config=False, url=None): return make_ssl_context(ssl_config.key_file, ssl_config.cert_file, ssl_config.pem_file, ssl_config.ca_dir, ssl_config.verify_peer, url) def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None, verify_peer=False, url=None, method=SSL.TLSv1_METHOD, key_file_passphrase=None): """ Creates SSL context containing certificate and key file locations. """ ssl_context = SSL.Context(method) # Key file defaults to certificate file if present. if cert_file: ssl_context.use_certificate_file(cert_file) if key_file_passphrase: passwd_cb = lambda max_passphrase_len, set_prompt, userdata: \ key_file_passphrase ssl_context.set_passwd_cb(passwd_cb) if key_file: ssl_context.use_privatekey_file(key_file) elif cert_file: ssl_context.use_privatekey_file(cert_file) if pem_file or ca_dir: ssl_context.load_verify_locations(pem_file, ca_dir) def _callback(conn, x509, errnum, errdepth, preverify_ok): """Default certification verification callback. Performs no checks and returns the status passed in. """ return preverify_ok verify_callback = _callback if verify_peer: ssl_context.set_verify_depth(9) if url: set_peer_verification_for_url_hostname(ssl_context, url) else: ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback) else: ssl_context.set_verify(SSL.VERIFY_NONE, verify_callback) return ssl_context def set_peer_verification_for_url_hostname(ssl_context, url, if_verify_enabled=False): '''Convenience routine to set peer verification callback based on ServerSSLCertVerification class''' if not if_verify_enabled or (ssl_context.get_verify_mode() & SSL.VERIFY_PEER): urlObj = urlparse_.urlparse(url) hostname = urlObj.hostname server_ssl_cert_verif = ServerSSLCertVerification(hostname=hostname) verify_callback_ = server_ssl_cert_verif.get_verify_server_cert_func() ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback_)