Package ndg :: Package httpsclient :: Module ssl_peer_verification :: Class ServerSSLCertVerification

Class ServerSSLCertVerification



Check server identity. If the hostname doesn't match, allow the host's Distinguished Name to be matched against the server DN setting instead.

Instance Methods

__init__(self, certDN=None, hostname=None, subj_alt_name_match=True)
    Override parent class __init__ to enable setting of certDN setting

__call__(self, connection, peerCert, errorStatus, errorDepth, preverifyOK)
    Verify server certificate
    Return type: int

_getCertDN(self)

_setCertDN(self, val)

_getHostname(self)

_setHostname(self, val)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods

_get_subj_alt_name(cls, peer_cert)
    Extract subjectAltName DNS name settings from certificate extensions

Class Variables
  DN_LUT = {'commonName': 'CN', 'countryName': 'C', 'domainCompo...
  SUBJ_ALT_NAME_EXT_NAME = 'subjectAltName'
  PARSER_RE_STR = '/(countryName|userid|streetAddress|emailAddre...
  PARSER_RE = re.compile(r'/(countryName|userid|streetAddress|em...
Properties
  certDN
Distinguished Name for Server Certificate
  hostname
hostname of server
  __certDN
  __hostname
  __subj_alt_name_match

Inherited from object: __class__

Method Details

__init__(self, certDN=None, hostname=None, subj_alt_name_match=True)
(Constructor)


Override parent class __init__ to enable setting of certDN setting

Parameters:
  • certDN (string) - Set the expected Distinguished Name of the server to avoid errors when matching hostnames. This is useful where the hostname is not fully qualified.
  • hostname (string) - hostname to match against the peer certificate's subjectAltNames or subject common name.
  • subj_alt_name_match (bool) - flag to enable/disable matching of the hostname against the peer certificate's subjectAltNames. N.B. a setting of True will be ignored if the pyasn1 package is not installed.
Overrides: object.__init__

__call__(self, connection, peerCert, errorStatus, errorDepth, preverifyOK)
(Call operator)


Verify server certificate

Parameters:
  • connection (OpenSSL.SSL.Connection) - SSL connection object
  • peerCert (basestring) - server host certificate as an OpenSSL.crypto.X509 instance
  • errorStatus (int) - error status passed from the caller. This is the value returned by the OpenSSL C function X509_STORE_CTX_get_error(). Look up x509_vfy.h in the OpenSSL source to get the meanings of the different codes. PyOpenSSL doesn't help you!
  • errorDepth (int) - a non-negative integer representing where in the certificate chain the error occurred. Zero means it occurred in the end entity certificate, one means the certificate which signed the end entity certificate, and so on.
  • preverifyOK (int) - the verification status of the current SSL context (0 = Error, 1 = OK) irrespective of any verification checks done here. If this function yields an OK status, it should still enforce the preverifyOK value, so that any error set upstream overrides it and is honoured.
Returns: int
status code - 0/False = Error, 1/True = OK

_get_subj_alt_name(cls, peer_cert)
Class Method


Extract subjectAltName DNS name settings from certificate extensions

Parameters:
  • peer_cert (OpenSSL.crypto.X509) - peer certificate in SSL connection. subjectAltName settings if any will be extracted from this

Class Variable Details

DN_LUT

Value:
{'commonName': 'CN',
 'countryName': 'C',
 'domainComponent': 'DC',
 'emailAddress': 'EMAILADDRESS',
 'localityName': 'L',
 'organisation': 'O',
 'organisationalUnitName': 'OU',
 'stateOrProvinceName': 'ST',
...

PARSER_RE_STR

Value:
'/(countryName|userid|streetAddress|emailAddress|domainComponent|localityName|organisationalUnitName|organisation|commonName|stateOrProvinceName|C|UID|STREET|EMAILADDRESS|DC|L|OU|O|CN|ST)='

PARSER_RE

Value:
re.compile(r'/(countryName|userid|streetAddress|emailAddress|domainComponent|localityName|organisationalUnitName|organisation|commonName|stateOrProvinceName|C|UID|STREET|EMAILADDRESS|DC|L|OU|O|CN|ST)=')
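The following is an added example, not code from ndg.httpsclient itself, that models the verification contract documented above for __call__ and _get_subj_alt_name using only the standard library: a DN parser built on the same separator pattern as PARSER_RE_STR and a DN_LUT-style normalisation, hostname matching against subjectAltName entries (or the subject common name when none are present), the certDN fallback when the hostname does not match, and the rule that an OK result is always combined with preverifyOK so an upstream chain error can never be overridden. The peer certificate is represented by its subject DN string and a list of already-extracted subjectAltName DNS names rather than an OpenSSL.crypto.X509 object; the 'userid' and 'streetAddress' entries in the lookup table, the "SANs are authoritative when present" rule, and the treatment of an unconfigured identity as a failure are assumptions of this model, not documented behaviour of the class.

```python
import re

# Long-to-short attribute name table in the style of the class's DN_LUT. The
# page shows only the first entries; 'userid' and 'streetAddress' are assumed
# here from the names that appear in the parser regex.
DN_LUT = {
    'commonName': 'CN',
    'countryName': 'C',
    'domainComponent': 'DC',
    'emailAddress': 'EMAILADDRESS',
    'localityName': 'L',
    'organisation': 'O',
    'organisationalUnitName': 'OU',
    'stateOrProvinceName': 'ST',
    'userid': 'UID',            # assumed
    'streetAddress': 'STREET',  # assumed
}

# Separator pattern with the same alternation as PARSER_RE_STR above: every
# DN component begins with "/<attribute>=".
PARSER_RE = re.compile(
    r'/(countryName|userid|streetAddress|emailAddress|domainComponent|'
    r'localityName|organisationalUnitName|organisation|commonName|'
    r'stateOrProvinceName|C|UID|STREET|EMAILADDRESS|DC|L|OU|O|CN|ST)=')


def parse_dn(dn_str):
    """Parse a slash-separated DN into {short_attr: value}.

    Long attribute names are normalised through DN_LUT so that
    '/commonName=x' and '/CN=x' compare equal.
    """
    parts = PARSER_RE.split(dn_str)
    # With a capturing group, re.split yields ['', attr, value, attr, value, ...]
    if parts[0].strip() or len(parts) < 3:
        raise ValueError('DN must be a sequence of "/attr=value" components: %r' % (dn_str,))
    fields = parts[1:]
    return {DN_LUT.get(attr, attr): value.strip()
            for attr, value in zip(fields[0::2], fields[1::2])}


def dn_matches(expected_dn, peer_dn):
    """Compare two DN strings component-wise, independent of long/short spelling."""
    return parse_dn(expected_dn) == parse_dn(peer_dn)


def hostname_matches(hostname, candidate):
    """Case-insensitive comparison with the usual wildcard restrictions: a bare
    '*' is accepted only as the leftmost label, it matches exactly one label,
    and at least two literal labels must follow it (so '*.org' is rejected)."""
    host = hostname.lower().rstrip('.')
    cand = candidate.lower().rstrip('.')
    if '*' not in cand:
        return host == cand
    first, _, rest = cand.partition('.')
    if first != '*' or '*' in rest or '.' not in rest:
        return False
    h_first, h_sep, h_rest = host.partition('.')
    return bool(h_first) and h_sep == '.' and h_rest == rest


def verify_server_identity(peer_subject_dn, peer_subj_alt_names, error_status,
                           error_depth, preverify_ok, cert_dn=None,
                           hostname=None, subj_alt_name_match=True):
    """Return 1 (OK) or 0 (error), following the documented __call__ contract.

    Identity checks apply only to the end-entity certificate (depth 0), and a
    failed upstream verification (preverify_ok == 0) is never overridden here.
    """
    if not preverify_ok:
        # Chain/signature/expiry already failed upstream; error_status carries
        # the X509_V_ERR_* code (see x509_vfy.h) and is only useful for logging.
        return 0
    if error_depth > 0:
        # Issuer certificates get no hostname or DN check.
        return 1

    subject = parse_dn(peer_subject_dn)
    if hostname is not None:
        if subj_alt_name_match and peer_subj_alt_names:
            # Assumed rule: when dNSName SANs are present they are authoritative
            # and the common name is not consulted.
            names = list(peer_subj_alt_names)
        else:
            names = [subject.get('CN', '')]
        if any(hostname_matches(hostname, n) for n in names if n):
            return 1

    # Hostname not configured or not matched: allow an exact DN match instead.
    if cert_dn is not None and dn_matches(cert_dn, peer_subject_dn):
        return 1
    return 0


if __name__ == '__main__':
    # Constructed peer values standing in for a real certificate.
    peer_dn = '/C=GB/O=Example Org/CN=host.example.org'
    print(verify_server_identity(peer_dn, ['host.example.org'], 0, 0, 1,
                                 hostname='host.example.org'))
    print(verify_server_identity(peer_dn, ['host.example.org'], 18, 0, 0,
                                 hostname='host.example.org'))
```

The second call in the demo shows the point of the preverifyOK rule: even though the hostname matches, the upstream status of 0 (here with a constructed error code) forces a 0 result, so a self-signed or expired certificate cannot be accepted on the strength of its name alone. The certDN fallback compares parsed components, so '/countryName=GB/...' configured by an administrator matches '/C=GB/...' presented by the peer.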

Property Details

certDN

Distinguished Name for Server Certificate

Get Method:
_getCertDN(self)
Set Method:
_setCertDN(self, val)

hostname

hostname of server

Get Method:
_getHostname(self)
Set Method:
_setHostname(self, val)