From: Tony Mack Date: Mon, 13 Jun 2011 16:21:55 +0000 (-0400) Subject: load trusted certs into ssl context prior to handshake X-Git-Tag: sfa-1.0-24~2 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=eeccf5a2b0e05e77f10ce50eb3039ab87a574387;p=sfa.git load trusted certs into ssl context prior to handshake
---
diff --git a/sfa/util/server.py b/sfa/util/server.py
index f8b1af48..b4fd2ffa 100644
--- a/sfa/util/server.py
+++ b/sfa/util/server.py
@@ -18,6 +18,8 @@
 import SimpleXMLRPCServer
 from OpenSSL import SSL
 from sfa.trust.certificate import Keypair, Certificate
+from sfa.trust.trustedroot import TrustedRootList
+from sfa.util.config import Config
 from sfa.trust.credential import *
 from sfa.util.faults import *
 from sfa.plc.api import SfaAPI
@@ -151,6 +153,10 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
 ctx.use_certificate_file(cert_file)
 # If you wanted to verify certs against known CAs.. this is how you would do it
 #ctx.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')
+config = Config()
+trusted_cert_files = TrustedRootList(config.get_trustedroots_dir()).get_file_list()
+for cert_file in trusted_cert_files:
+ctx.load_verify_locations(cert_file)
 ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
 ctx.set_verify_depth(5)
 ctx.set_app_data(self)
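Review bot: The loop variable `cert_file` in the added `for cert_file in trusted_cert_files:` rebinds the name that `ctx.use_certificate_file(cert_file)` used three lines earlier for the server's own certificate, so any later use of `cert_file` in this method (whose body starts and ends outside the hunk) would silently refer to the last trusted root instead; rename it, e.g. `for trusted_cert in trusted_cert_files:` and `ctx.load_verify_locations(trusted_cert)`. The context comment `# If you wanted to verify certs against known CAs.. this is how you would do it` and the commented-out `#ctx.load_verify_locations(...)` line directly above the new code are now stale, since the roots are loaded unconditionally; replace them with `# Load every trusted root so peer certificates presented during the handshake can be verified against them.` Note too that an empty trusted-roots directory leaves the context with no CAs at all, and whether a peer is then rejected depends on `verify_callback`, which is not in this hunk — a startup-time log line when `trusted_cert_files` is empty would make that failure mode visible to operators.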