I have a weird quirk with the M2Crypto module and I hope someone would be able
to point me in the right direction. I am working with a colleague to develop
an internal tool to check SSL certificates on a list of IPv4 addresses obtained
via stdin.

We are using M2Crypto to help with validating the certificates. If we only
have it check one IPv4 address, it is able to provide us with the correct
certificate and we are able to do our validation checks on the information that
the SSL certificate contains.

However, if we try to check multiple IPv4 addresses we receive the
"M2Crypto.SSL.Checker.NoCertificate". There are some cases where we should be
receiving this. However, regardless of what the second or third IPv4 address
is (even if it tested good as the first one), it will fail.

Context creation:

    global context
    context = M2Crypto.SSL.Context()
    if sys.platform.startswith('linux'):
        # Linux with real open SSL installed
        context.load_verify_info(capath="/etc/ssl/certs/")
    elif sys.platform.startswith('darwin'):
        context.load_verify_info(cafile=certfile)
    else:
        print "Unknown platform, bail!"
        exit(1)
    context.set_allow_unknown_ca(True)
    context.set_verify(M2Crypto.SSL.verify_none,9)

Socket creation:

    conn = M2Crypto.SSL.Connection(context)
    socket.setdefaulttimeout(2.0)
    conn.set_socket_read_timeout(M2Crypto.SSL.timeout(sec=2))
    conn.set_socket_write_timeout(M2Crypto.SSL.timeout(sec=2))
    try:
        conn.connect((ip,443))

The above two portions of code exist in their own functions. The latter block
gets called as part of the loop over the array of addresses. The IP is passed
from the caller.

Thank you in advance!
-Tim
--
http://mail.python.org/mailman/listinfo/python-list