本文整理汇总了Python中OpenSSL.SSL.VERIFY_PEER属性的典型用法代码示例。如果您正苦于以下问题:Python SSL.VERIFY_PEER属性的具体用法?Python SSL.VERIFY_PEER怎么用?Python SSL.VERIFY_PEER使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类OpenSSL.SSL
的用法示例。
在下文中一共展示了SSL.VERIFY_PEER属性的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: getContext
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def getContext(self):
default_options = self.control_credential._default_options(
self.ca_certificate)
def verify(conn, cert, errno, depth, preverify_ok):
if depth > 0:
# Certificate authority chain:
return preverify_ok
# Now we're actually verifying certificate we care about:
if not preverify_ok:
return preverify_ok
return cert.get_subject().commonName.startswith(self.prefix)
context = default_options.getContext()
context.set_verify(VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT,
verify)
return context
示例2: testFailedVerify
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def testFailedVerify(self):
org = "twisted.test.test_ssl"
self.setupServerAndClient(
(org, org + ", client"), {},
(org, org + ", server"), {})
def verify(*a):
return False
self.clientCtxFactory.getContext().set_verify(SSL.VERIFY_PEER, verify)
serverConnLost = defer.Deferred()
serverProtocol = protocol.Protocol()
serverProtocol.connectionLost = serverConnLost.callback
serverProtocolFactory = protocol.ServerFactory()
serverProtocolFactory.protocol = lambda: serverProtocol
self.serverPort = serverPort = reactor.listenSSL(0,
serverProtocolFactory, self.serverCtxFactory)
clientConnLost = defer.Deferred()
clientProtocol = protocol.Protocol()
clientProtocol.connectionLost = clientConnLost.callback
clientProtocolFactory = protocol.ClientFactory()
clientProtocolFactory.protocol = lambda: clientProtocol
reactor.connectSSL('127.0.0.1',
serverPort.getHost().port, clientProtocolFactory, self.clientCtxFactory)
dl = defer.DeferredList([serverConnLost, clientConnLost], consumeErrors=True)
return dl.addCallback(self._cbLostConns)
示例3: send_ping
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def send_ping(ip, port):
HOST, PORT = ip, int(port)
uuid = configmanager.uuid
hostname = socket.gethostname()
jsonobj = {'uuid': uuid, 'name': hostname,
'type': "ping", 'data': ""}
data = json.dumps(jsonobj)
# Initialize context
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2|SSL.OP_NO_SSLv3) #TLS1 and up
ctx.set_verify(SSL.VERIFY_PEER, verify_cb) #Demand a certificate
ctx.use_privatekey_file(configmanager.privatekeypath)
ctx.use_certificate_file(configmanager.certificatepath)
ctx.load_verify_locations(configmanager.cafilepath)
sslclientsocket = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
succ = False
try:
sslclientsocket.connect((HOST, PORT))
sslclientsocket.sendall(data)
sslclientsocket.recv(2)
succ = True
except Exception as e:
print "Error " + str(e[0])
finally:
if (succ):
sslclientsocket.shutdown()
sslclientsocket.close()
示例4: send_sms
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def send_sms(recver, msg, ip, port, errordialog):
HOST, PORT = ip, int(port)
uuid = configmanager.uuid
hostname = socket.gethostname()
jsonobj = {'uuid': uuid, 'name': hostname,
'type': "sms", 'data': {'number': recver, 'message': msg}}
data = json.dumps(jsonobj)
# Initialize context
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2|SSL.OP_NO_SSLv3) #TLS1 and up
ctx.set_verify(SSL.VERIFY_PEER, verify_cb) #Demand a certificate
ctx.use_privatekey_file(configmanager.privatekeypath)
ctx.use_certificate_file(configmanager.certificatepath)
ctx.load_verify_locations(configmanager.cafilepath)
sslclientsocket = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
succ = False
try:
sslclientsocket.connect((HOST, PORT))
sslclientsocket.sendall(data)
sslclientsocket.recv(2)
succ = True
except Exception as e:
errnum = e[0]
print "Error " + str(e[0])
if (errnum == -5):
errordialog.format_secondary_text("The Device is not reachable. Maybe it's not on your Network")
else:
errordialog.format_secondary_text("Errornumber "+str(errnum))
errordialog.run()
errordialog.hide()
finally:
if (succ):
sslclientsocket.shutdown()
sslclientsocket.close()
Gtk.main_quit()
示例5: cacheContext
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def cacheContext(self):
"""Setup the main context factory with custom SSL settings"""
if self._context is None:
ctx = self._contextFactory(self.sslmethod)
ctx.set_cipher_list(MOZILLA_INTERMEDIATE_CIPHERS)
ctx.set_options(SSL.OP_CIPHER_SERVER_PREFERENCE)
ctx.set_options(SSL.OP_NO_SSLv2)
ctx.set_options(SSL.OP_NO_SSLv3)
ctx.set_options(SSL.OP_NO_COMPRESSION)
ctx.set_mode(SSL.MODE_RELEASE_BUFFERS)
ctx.set_options(SSL.OP_ALL & ~SSL.OP_MICROSOFT_BIG_SSLV3_BUFFER)
ctx.use_certificate_chain_file(self.certificateFileName)
ctx.use_privatekey_file(self.privateKeyFileName)
if self.dh_file:
ctx.load_tmp_dh(self.dh_file)
if self.require_peer_certs:
# Require peer certs but only for use by
# RequestHandlers
ctx.set_verify(
SSL.VERIFY_PEER |
SSL.VERIFY_CLIENT_ONCE,
self._allow_peer)
self._context = ctx
示例6: testFailedVerify
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def testFailedVerify(self):
org = "twisted.test.test_ssl"
self.setupServerAndClient(
(org, org + ", client"), {},
(org, org + ", server"), {})
def verify(*a):
return False
self.clientCtxFactory.getContext().set_verify(SSL.VERIFY_PEER, verify)
serverConnLost = defer.Deferred()
serverProtocol = protocol.Protocol()
serverProtocol.connectionLost = serverConnLost.callback
serverProtocolFactory = protocol.ServerFactory()
serverProtocolFactory.protocol = lambda: serverProtocol
self.serverPort = serverPort = reactor.listenSSL(0,
serverProtocolFactory, self.serverCtxFactory)
clientConnLost = defer.Deferred()
clientProtocol = protocol.Protocol()
clientProtocol.connectionLost = clientConnLost.callback
clientProtocolFactory = protocol.ClientFactory()
clientProtocolFactory.protocol = lambda: clientProtocol
clientConnector = reactor.connectSSL('127.0.0.1',
serverPort.getHost().port, clientProtocolFactory, self.clientCtxFactory)
dl = defer.DeferredList([serverConnLost, clientConnLost], consumeErrors=True)
return dl.addCallback(self._cbLostConns)
示例7: go
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def go():
port = socket()
port.bind(('', 0))
port.listen(1)
called = []
def info(*args):
print count.next()
called.append(None)
return 1
context = Context(TLSv1_METHOD)
context.set_verify(VERIFY_PEER, info)
context.use_certificate(
load_certificate(FILETYPE_PEM, cleartextCertificatePEM))
context.use_privatekey(
load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))
while 1:
client = socket()
client.setblocking(False)
client.connect_ex(port.getsockname())
clientSSL = Connection(context, client)
clientSSL.set_connect_state()
server, ignored = port.accept()
server.setblocking(False)
serverSSL = Connection(context, server)
serverSSL.set_accept_state()
del called[:]
while not called:
for ssl in clientSSL, serverSSL:
try:
ssl.send('foo')
except WantReadError, e:
pass
示例8: _makeContext
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def _makeContext(self):
ctx = self._contextFactory(self.method)
ctx.set_options(self._options)
ctx.set_mode(self._mode)
if self.certificate is not None and self.privateKey is not None:
ctx.use_certificate(self.certificate)
ctx.use_privatekey(self.privateKey)
for extraCert in self.extraCertChain:
ctx.add_extra_chain_cert(extraCert)
# Sanity check
ctx.check_privatekey()
verifyFlags = SSL.VERIFY_NONE
if self.verify:
verifyFlags = SSL.VERIFY_PEER
if self.requireCertificate:
verifyFlags |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
if self.verifyOnce:
verifyFlags |= SSL.VERIFY_CLIENT_ONCE
self.trustRoot._addCACertsToContext(ctx)
# It'd be nice if pyOpenSSL let us pass None here for this behavior (as
# the underlying OpenSSL API call allows NULL to be passed). It
# doesn't, so we'll supply a function which does the same thing.
def _verifyCallback(conn, cert, errno, depth, preverify_ok):
return preverify_ok
ctx.set_verify(verifyFlags, _verifyCallback)
if self.verifyDepth is not None:
ctx.set_verify_depth(self.verifyDepth)
if self.enableSessions:
name = "%s-%d" % (reflect.qual(self.__class__), _sessionCounter())
sessionName = md5(networkString(name)).hexdigest()
ctx.set_session_id(sessionName.encode('ascii'))
if self.dhParameters:
ctx.load_tmp_dh(self.dhParameters._dhFile.path)
ctx.set_cipher_list(self._cipherString.encode('ascii'))
if self._ecCurve is not None:
try:
self._ecCurve.addECKeyToContext(ctx)
except BaseException:
pass # ECDHE support is best effort only.
if self._acceptableProtocols:
# Try to set NPN and ALPN. _acceptableProtocols cannot be set by
# the constructor unless at least one mechanism is supported.
_setAcceptableProtocols(ctx, self._acceptableProtocols)
return ctx
示例9: send_data
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def send_data(dialog, files, ip, port, pd):
HOST, PORT = ip, int(port)
uuid = configmanager.uuid
hostname = socket.gethostname()
filenames = []
for filepath in files:
head, name = os.path.split(filepath)
filenames.append(name)
jsonobj = {'uuid': uuid, 'name': hostname,
'type': "fileup", 'data': json.dumps(filenames)}
data = json.dumps(jsonobj)
# Initialize context
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2|SSL.OP_NO_SSLv3) #TLS1 and up
ctx.set_verify(SSL.VERIFY_PEER, verify_cb) #Demand a certificate
ctx.use_privatekey_file(configmanager.privatekeypath)
ctx.use_certificate_file(configmanager.certificatepath)
ctx.load_verify_locations(configmanager.cafilepath)
sslclientsocket = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
succ = False
try:
sslclientsocket.connect((HOST, PORT))
sslclientsocket.sendall(data)
print "wait for ack"
response = sslclientsocket.recv(2) #wait for Ack
if (response == "OK"):
# Get total transfer size
global total_size
for filepath in files: #send files
total_size = total_size + os.path.getsize(filepath)
print "send files"
for filepath in files: #send files
send_file(filepath, sslclientsocket, pd)
print "succesfully send Files"
succ = True
except Exception as e:
print "Error " + str(e)
finally:
if (succ):
sslclientsocket.shutdown()
sslclientsocket.close()
dialog.destroy()
示例10: _makeContext
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def _makeContext(self):
ctx = self._contextFactory(self.method)
ctx.set_options(self._options)
ctx.set_mode(self._mode)
if self.certificate is not None and self.privateKey is not None:
ctx.use_certificate(self.certificate)
ctx.use_privatekey(self.privateKey)
for extraCert in self.extraCertChain:
ctx.add_extra_chain_cert(extraCert)
# Sanity check
ctx.check_privatekey()
verifyFlags = SSL.VERIFY_NONE
if self.verify:
verifyFlags = SSL.VERIFY_PEER
if self.requireCertificate:
verifyFlags |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
if self.verifyOnce:
verifyFlags |= SSL.VERIFY_CLIENT_ONCE
self.trustRoot._addCACertsToContext(ctx)
# It'd be nice if pyOpenSSL let us pass None here for this behavior (as
# the underlying OpenSSL API call allows NULL to be passed). It
# doesn't, so we'll supply a function which does the same thing.
def _verifyCallback(conn, cert, errno, depth, preverify_ok):
return preverify_ok
ctx.set_verify(verifyFlags, _verifyCallback)
if self.verifyDepth is not None:
ctx.set_verify_depth(self.verifyDepth)
if self.enableSessions:
# 32 bytes is the maximum length supported
# Unfortunately pyOpenSSL doesn't provide SSL_MAX_SESSION_ID_LENGTH
sessionName = secureRandom(32)
ctx.set_session_id(sessionName)
if self.dhParameters:
ctx.load_tmp_dh(self.dhParameters._dhFile.path)
ctx.set_cipher_list(self._cipherString.encode('ascii'))
self._ecChooser.configureECDHCurve(ctx)
if self._acceptableProtocols:
# Try to set NPN and ALPN. _acceptableProtocols cannot be set by
# the constructor unless at least one mechanism is supported.
_setAcceptableProtocols(ctx, self._acceptableProtocols)
return ctx
示例11: _makeContext
# 需要导入模块: from OpenSSL import SSL [as 别名]
# 或者: from OpenSSL.SSL import VERIFY_PEER [as 别名]
def _makeContext(self):
ctx = SSL.Context(self.method)
if self.certificate is not None and self.privateKey is not None:
ctx.use_certificate(self.certificate)
ctx.use_privatekey(self.privateKey)
# Sanity check
ctx.check_privatekey()
verifyFlags = SSL.VERIFY_NONE
if self.verify:
verifyFlags = SSL.VERIFY_PEER
if self.requireCertificate:
verifyFlags |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
if self.verifyOnce:
verifyFlags |= SSL.VERIFY_CLIENT_ONCE
if self.caCerts:
store = ctx.get_cert_store()
for cert in self.caCerts:
store.add_cert(cert)
# It'd be nice if pyOpenSSL let us pass None here for this behavior (as
# the underlying OpenSSL API call allows NULL to be passed). It
# doesn't, so we'll supply a function which does the same thing.
def _verifyCallback(conn, cert, errno, depth, preverify_ok):
return preverify_ok
ctx.set_verify(verifyFlags, _verifyCallback)
if self.verifyDepth is not None:
ctx.set_verify_depth(self.verifyDepth)
if self.enableSingleUseKeys:
ctx.set_options(SSL.OP_SINGLE_DH_USE)
if self.fixBrokenPeers:
ctx.set_options(self._OP_ALL)
if self.enableSessions:
sessionName = md5("%s-%d" % (reflect.qual(self.__class__), _sessionCounter())).hexdigest()
ctx.set_session_id(sessionName)
if not self.enableSessionTickets:
ctx.set_options(self._OP_NO_TICKET)
return ctx