load trusted certs into ssl context prior to handshake

author Tony Mack <tmack@paris.CS.Princeton.EDU>

Mon, 13 Jun 2011 16:21:55 +0000 (12:21 -0400)

committer Tony Mack <tmack@paris.CS.Princeton.EDU>

Mon, 13 Jun 2011 16:21:55 +0000 (12:21 -0400)
author Tony Mack <tmack@paris.CS.Princeton.EDU>
Mon, 13 Jun 2011 16:21:55 +0000 (12:21 -0400)
committer Tony Mack <tmack@paris.CS.Princeton.EDU>
Mon, 13 Jun 2011 16:21:55 +0000 (12:21 -0400)
diff --git a/sfa/util/server.py b/sfa/util/server.py

index f8b1af4..b4fd2ff 100644 (file)
--- a/sfa/util/server.py
+++ b/sfa/util/server.py
@@ -18,6 +18,8 @@ import SimpleXMLRPCServer
  from OpenSSL import SSL
  
  from sfa.trust.certificate import Keypair, Certificate
+from sfa.trust.trustedroot import TrustedRootList
+from sfa.util.config import Config
  from sfa.trust.credential import *
  from sfa.util.faults import *
  from sfa.plc.api import SfaAPI
@@ -151,6 +153,10 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
          ctx.use_certificate_file(cert_file)
          # If you wanted to verify certs against known CAs.. this is how you would do it
          #ctx.load_verify_locations('/etc/sfa/trusted_roots/plc.gpo.gid')
+        config = Config()
+        trusted_cert_files = TrustedRootList(config.get_trustedroots_dir()).get_file_list()
+        for cert_file in trusted_cert_files:
+            ctx.load_verify_locations(cert_file)
          ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback)
          ctx.set_verify_depth(5)
          ctx.set_app_data(self)
author	Tony Mack <tmack@paris.CS.Princeton.EDU>
	Mon, 13 Jun 2011 16:21:55 +0000 (12:21 -0400)
committer	Tony Mack <tmack@paris.CS.Princeton.EDU>
	Mon, 13 Jun 2011 16:21:55 +0000 (12:21 -0400)