| side by side (parent:
f8368a3
)
load trusted certs into ssl context prior to handshake
author
Tony Mack
<tmack@paris.CS.Princeton.EDU>
Mon, 13 Jun 2011 16:21:55 +0000
(12:21 -0400)
committer
Tony Mack
<tmack@paris.CS.Princeton.EDU>
Mon, 13 Jun 2011 16:21:55 +0000
(12:21 -0400)
sfa/util/server.py
diff --git
a/sfa/util/server.py
b/sfa/util/server.py
index
f8b1af4
..
b4fd2ff
100644
(file)
--- a/
sfa/util/server.py
+++ b/
sfa/util/server.py
@@
-18,6
+18,8
@@
import SimpleXMLRPCServer
from OpenSSL import SSL
from sfa.trust.certificate import Keypair, Certificate
from OpenSSL import SSL
from sfa.trust.certificate import Keypair, Certificate
+from sfa.trust.trustedroot import TrustedRootList
+from sfa.util.config import Config
from sfa.trust.credential import *
from sfa.util.faults import *
from sfa.plc.api import SfaAPI
from sfa.trust.credential import *
from sfa.util.faults import *
from sfa.plc.api import SfaAPI
@@
-151,6
+153,10
@@
class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
ctx.use_certificate_file(cert_file)
# If you wanted to verify certs against known CAs.. this is how you would do it
#ctx.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')
ctx.use_certificate_file(cert_file)
# If you wanted to verify certs against known CAs.. this is how you would do it
#ctx.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')
+ config = Config()
+ trusted_cert_files = TrustedRootList(config.get_trustedroots_dir()).get_file_list()
+ for cert_file in trusted_cert_files:
+ ctx.load_verify_locations(cert_file)
ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
ctx.set_verify_depth(5)
ctx.set_app_data(self)
ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
ctx.set_verify_depth(5)
ctx.set_app_data(self)
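Review bot: The added loop reuses the name `cert_file`, which at the top of this hunk is the server's own certificate path passed to `ctx.use_certificate_file(cert_file)`, so after the loop it refers to the last trusted root instead; rename the loop variable, e.g. `for root_file in trusted_cert_files:` with `ctx.load_verify_locations(root_file)`. The enclosing method starts and ends outside the hunk, so whether `cert_file` is read again later cannot be confirmed from here. Loading the roots only strengthens peer authentication if `verify_callback` (not shown) rejects a chain when OpenSSL's pre-verification result is a failure; if it accepts unconditionally, the trust store is loaded but not enforced, and that deserves a comment next to `ctx.set_verify(...)`. Every file in the trusted-roots directory becomes a trust anchor for client certificates, and a single unparsable file will presumably make `load_verify_locations` raise during server start-up, so it is worth documenting the directory's expected ownership and logging which file failed to load.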