Changeset 6052 for TI12-security/trunk/python/ndg_security_common/ndg/security/common/utils/m2crypto.py
- Timestamp:
- 26/11/09 12:01:22 (11 years ago)
- File:
-
- 1 edited
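--- a/TI12-security/trunk/python/ndg_security_common/ndg/security/common/utils/m2crypto.py
+++ b/TI12-security/trunk/python/ndg_security_common/ndg/security/common/utils/m2crypto.py
@@ -272,21 +272,47 @@
         self.__sslValidDNs = []
 
-    def createCtx(self, **kw):
+    def createCtx(self, depth=9, **kw):
         """Create an M2Crypto SSL Context from this objects properties
+        @type depth: int
+        @param depth: max. depth of certificate to verify against
+        @type kw: dict
+        @param kw: M2Crypto.SSL.Context keyword arguments
         @rtype: M2Crypto.SSL.Context
         @return M2Crypto SSL context object
         """
         ctx = SSL.Context(**kw)
+
+        # Configure context according to this proxy's attributes
         if self.sslCertFilePath and self.sslPriKeyFilePath:
+            # Pass client certificate
             ctx.load_cert(self.sslCertFilePath,
                           self.__sslPriKeyFilePath,
                           lambda *arg, **kw: self.sslPriKeyPwd)
             log.debug("Set client certificate and key in SSL Context")
+        else:
+            log.debug("No client certificate or key set in SSL Context")
+
         if self.sslCACertFilePath or self.sslCACertDir:
+            # Set CA certificates in order to verify peer
             ctx.load_verify_locations(self.sslCACertFilePath,
                                       self.sslCACertDir)
-
-        ctx.set_verify(SSL.verify_peer|SSL.verify_fail_if_no_peer_cert, 9,
-                       callback=self.createVerifySSLPeerCertCallback())
+            mode = SSL.verify_peer|SSL.verify_fail_if_no_peer_cert
+        else:
+            mode = SSL.verify_fail_if_no_peer_cert
+            log.warning('No CA certificate files set: mode set to '
+                        '"verify_fail_if_no_peer_cert" only')
+
+        if len(self.sslValidDNs) > 0:
+            # Set custom callback in order to verify peer certificate DN
+            # against whitelist
+            callback = self.createVerifySSLPeerCertCallback()
+            log.debug('Set peer certificate Distinguished Name check set in '
+                      'SSL Context')
+        else:
+            callback = None
+            log.warning('No peer certificate Distinguished Name check set in '
+                        'SSL Context')
+
+        ctx.set_verify(mode, depth, callback=callback)
 
         return ctx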
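Review bot: The fallback `mode = SSL.verify_fail_if_no_peer_cert` at new line 301 effectively disables peer verification rather than weakening it: OpenSSL honours SSL_VERIFY_FAIL_IF_NO_PEER_CERT only in combination with SSL_VERIFY_PEER, and ignores it entirely in client mode, which is what this context appears to be built for given the client certificate loaded at line 288. The removed code always set verify_peer, so a deployment with no CA file or directory configured now completes the handshake without checking the server certificate and emits only a warning. I would fail closed here, `raise ValueError('No CA certificate file or directory set: cannot verify peer')` (or the module's own exception type), or at minimum reword the warning to state that peer certificate verification is disabled. The empty-sslValidDNs branch at lines 311-314 likewise drops the DN whitelist callback silently; if that is intended, the warning should say the DN check is skipped rather than "not set". createCtx is a method of a class whose header lies outside this section.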