Tiran

SSL cert validation

Feb 23rd, 2014
  1. #!/usr/bin/env python3.3
  2. import os
  3. import ssl
  4. import socket
  5.  
# Hosts contacted by the checks in test(); both are reached on the HTTPS port.
ADDRESS = ("apple.com", 443)
CACERT_ADDRESS = ("www.cacert.org", 443)

# Absolute path of this script and of the directory that contains it.
# test() passes FILE as `cafile` and HERE as `capath`, so the PEM block in the
# trailing string literal of this file is the only trust anchor for those
# checks. NOTE(review): that literal cites a plain-http download URL for the
# root; confirm the certificate's fingerprint out of band before relying on it.
FILE = os.path.abspath(__file__)
HERE = os.path.split(FILE)[0]
  10.  
  11.  
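def get_server_certificate(addr, cafile=None, capath=None):
    """Connect to *addr* over TLS and return the verified peer certificate.

    The chain is validated against the trust anchors in *cafile* / *capath*,
    or against OpenSSL's default verify paths when both are None. The
    certificate is also matched against the host name in ``addr[0]``; chain
    validation alone would accept any certificate issued by a trusted CA,
    whatever name it was issued for.

    Args:
        addr: ``(host, port)`` tuple to connect to.
        cafile: path to a PEM file of trusted CA certificates, or None.
        capath: path to a directory of CA certificates, or None.

    Returns:
        The peer certificate as the dict returned by ``getpeercert()``.

    Raises:
        ssl.SSLError: the handshake or the chain verification failed.
        ssl.CertificateError: the certificate does not match the host name
            (a subclass of ssl.SSLError on Python 3.7+, of ValueError before).
        OSError: the TCP connection failed or the CA file/directory could
            not be read.
    """
    hostname = addr[0]

    # SSLv3 is obsolete and is compiled out of current OpenSSL builds, so a
    # context pinned to it cannot be created there. Negotiate the best TLS
    # version instead; on interpreters without PROTOCOL_TLS_CLIENT fall back
    # to SSLv23 negotiation with SSLv2/SSLv3 explicitly switched off.
    if hasattr(ssl, "PROTOCOL_TLS_CLIENT"):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
        ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
    ctx.verify_mode = ssl.CERT_REQUIRED

    # Let the ssl module check the host name during the handshake when it
    # can; otherwise the check is done by hand after the handshake.
    builtin_hostname_check = hasattr(ctx, "check_hostname")
    if builtin_hostname_check:
        ctx.check_hostname = True

    # Trust anchors are loaded before any connection is attempted, so a bad
    # cafile/capath fails fast without touching the network.
    if cafile is None and capath is None:
        ctx.set_default_verify_paths()
    else:
        ctx.load_verify_locations(cafile=cafile, capath=capath)

    with socket.create_connection(addr) as conn:
        with ctx.wrap_socket(conn, server_hostname=hostname) as sconn:
            cert = sconn.getpeercert()
            if not builtin_hostname_check:
                ssl.match_hostname(cert, hostname)
            return cert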
  22.  
  23.  
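def test():
    """Run three live verification checks and print the outcome of each.

    1. ADDRESS with the default verify paths: expected to verify.
    2. ADDRESS with this file's embedded root as the only trust anchor:
       expected to be rejected; a successful handshake is reported as BUG
       because it means some other trust store was consulted.
    3. CACERT_ADDRESS with the same trust anchor: expected to verify.

    Only ssl.SSLError is handled; connection errors propagate to the caller.
    """
    print("Check with default verify paths")
    try:
        get_server_certificate(ADDRESS)
    except ssl.SSLError as e:
        print("  FAIL -- no default certs available?")
        print("  {}".format(e))
    else:
        print("  PASS")

    print("Check verification with CACert as only root CA")
    try:
        get_server_certificate(ADDRESS, FILE, HERE)
    except ssl.SSLError as e:
        # Any handshake problem raises SSLError, not only a rejected chain.
        # Count the check as passed only when verification itself is what
        # failed; otherwise an unrelated failure would hide the BUG case.
        if getattr(e, "reason", None) == "CERTIFICATE_VERIFY_FAILED":
            print("  PASS -- check failure expected")
        else:
            print("  FAIL -- handshake failed for a reason other than verification")
        print("  {}".format(e))
    else:
        print("  BUG -- check should have failed")

    print("Check www.cacert.org:443 with CACert root CA")
    try:
        get_server_certificate(CACERT_ADDRESS, FILE, HERE)
    except ssl.SSLError as e:
        print("  FAIL")
        print("  {}".format(e))
    else:
        print("  PASS")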
  51.  
  52.  
# The checks open live network connections, so they run only when this file
# is executed as a script, never as a side effect of importing it.
if __name__ == "__main__":
    test()
  55.  
  56.  
  57. """http://www.cacert.org/certs/root.crt
  58.  
  59. -----BEGIN CERTIFICATE-----
  60. MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
  61. IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
  62. IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
  63. Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
  64. BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
  65. MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
  66. ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
  67. CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
  68. 8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
  69. zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
  70. fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
  71. w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
  72. G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
  73. epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
  74. laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
  75. QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
  76. fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
  77. YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
  78. ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
  79. gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
  80. MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
  81. IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
  82. dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
  83. czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
  84. dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
  85. aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
  86. AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
  87. b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
  88. ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
  89. nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
  90. 18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
  91. gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
  92. Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
  93. sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
  94. SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
  95. CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
  96. GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
  97. zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
  98. omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
  99. -----END CERTIFICATE-----
  100.  
  101. """