X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Futil%2Fserver.py;fp=sfa%2Futil%2Fserver.py;h=00854a9ddb88dc998642e281baa79095c7c6bbc1;hb=26533fa2f838ec4842e576ed42e04e5018f8f69a;hp=e6d3f3beb46ca43137f7f340149c1886c4b55921;hpb=c7d065b2eb70d6ba7fb814d3972366da891fa7c2;p=sfa.git
diff --git a/sfa/util/server.py b/sfa/util/server.py
index e6d3f3be..00854a9d 100644
--- a/sfa/util/server.py
+++ b/sfa/util/server.py
@@ -36,11 +36,10 @@ def verify_callback(conn, x509, err, depth, preverify):
 if preverify:
 #print " preverified"
 return 1
- # we're only passing single certificates, not chains
- if depth > 0:
- #print " depth > 0 in verify_callback"
- return 0
+# if depth > 0:
+# #print " depth > 0 in verify_callback"
+# return 1
 # the certificate verification done by openssl checks a number of things
 # that we aren't interested in, so we look out for those error messages
@@ -149,9 +148,11 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
 SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self, True, None)
 SocketServer.BaseServer.__init__(self, server_address, HandlerClass)
 ctx = SSL.Context(SSL.SSLv23_METHOD)
- ctx.use_privatekey_file(key_file)
+ ctx.use_privatekey_file(key_file)
 ctx.use_certificate_file(cert_file)
+ #ctx.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')
 ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
+ ctx.set_verify_depth(5)
 ctx.set_app_data(self)
 self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))
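Review bot: With the `depth > 0` rejection commented out in `verify_callback` (first hunk), certificates above the leaf that fail OpenSSL's own check now reach the error filter announced by the comment that follows, so whatever errors that filter tolerates for a peer certificate are presumably tolerated for issuer certificates as well. The filter itself lies outside the hunk, so this needs checking against the rest of the function. The disabled code is also left behind as comments with `return 0` quietly changed to `return 1`; I would delete those three lines and state the intent instead, e.g. `# chain certificates (depth > 0) are no longer rejected here; they go through the error filter below`.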
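Review bot: The `#ctx.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')` line in `SecureXMLRPCServer.__init__` (second hunk) is added already commented out, so in the lines shown no trust anchors are loaded on the context and `ctx.set_verify_depth(5)` only bounds how long a chain is handed to `verify_callback`; acceptance rests on the callback. Either enable the call with the path read from configuration rather than hard-coded, or drop it and say so with `# trust anchors are not loaded here; verify_callback decides which errors are tolerated`. The depth also deserves a named constant or a comment, e.g. `ctx.set_verify_depth(5)  # longest certificate chain accepted`. `__init__` starts outside the hunk.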