>
> Hi,
>
> I have a small problem using the M2Crypto for SSL certificate
> verification. I have a client and a server who wants to get the certificates
> verified by the other in order start the communication. I am able to get the
> server certificate verified by the client but not the client certificate in
> the server.
>
> I have attached the code which I use for this. Kindly tell me where I had
> gone wrong.
>
> I would appreciate a quick reply since I have not been able to make
> progress in my project due to this problem.
>
>
> I am using Python 2.6.1 version in Ubuntu 8.10. I have the OpenSSL version
> 0.9.8 and SWIG 1.33.
> The M2Crypto I am using is 0.18.
>
> I am also using my own CA to sign the certificates. The CA certificates are
> available with both the server and the client.
>
> Please let me know if you require additional information on this.
>
> Thanks
> Karthik
>
import select
import socket
import sys
import string
import M2Crypto
HOST = "127.0.0.1"
PORT = 5050
BACKLOG = 5
BUFF_SIZE = 1024
from M2Crypto import SSL
class client:
def run(self):
con = SSL.Context('tlsv1')
#con.load_verify_locations('cacert.pem','/home/kchandr1/Desktop/sc/')
##con.load_verify_locations('cacert.pem')
#con.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth = 9)
con.load_client_ca('cacert.pem')
con.load_cert(certfile = "client_crt.pem",keyfile = "client_key.pem")
con.set_client_CA_list_from_file('cacert.pem')
c= SSL.Connection(con)
c.connect((HOST,5050))
if c.get_peer_cert() is not None:
print "Server Certificate verified"
print c.get_verify_result()
print c.get_peer_cert()
con.load_client_ca('cacert.pem')
con.load_cert(certfile = "client_crt.pem",keyfile = "client_key.pem")
else:
print "CLIENT: Not able to get certificate"
sys.exit()
data = raw_input("Enter")
while data:
c.send(data)
data = raw_input("Enter to pass to server")
c.close()
if __name__ == "__main__":
client1 = client()
try:
client1.run()
except KeyboardInterrupt:
print "Keyboard Interrupt recieved"
s.close_socket()
import select
import socket
import sys
import string
HOST = "127.0.0.1"
PORT = 5050
BACKLOG = 5
BUFF_SIZE = 1024
from M2Crypto import SSL
class server:
def run(self):
con = SSL.Context('tlsv1')
con.load_client_ca('cacert.pem')
con.load_cert(certfile = "server_crt.pem",keyfile = "server_key.pem")
con.load_verify_locations('cacert.pem')
#con.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth = 9)
bindsocket = SSL.Connection(con)
bindsocket.bind((HOST,PORT))
bindsocket.listen(BACKLOG)
print "waiting for connection"
(connectsocket, fromaddress) = bindsocket.accept()
c= SSL.Connection(con)
if c.get_peer_cert() is not None:
print "Client Certificate verified"
print c.get_verify_result()
else:
print "Server: Not able to get certificate"
print c.get_verify_result()
print c.get_peer_cert()
sys.exit()
data = connectsocket.read()
while data:
print data
data = connectsocket.read()
connectsocket.write('200 OK\r\n\r\n')
connectsocket.close()
bindsocket.close()
if __name__ == "__main__":
s = server()
try:
s.run()
except KeyboardInterrupt:
print "Keyboard Interrupt recieved"
s.close_socket()
_______________________________________________
[email protected] mailing list
unsubscribe here: http://lists.osafoundation.org/mailman/listinfo/chandler-users
Chandler wiki: http://chandlerproject.org/wikihome
