diff options
author | kali <kali@leap.se> | 2012-10-18 09:30:53 +0900 |
---|---|---|
committer | kali <kali@leap.se> | 2012-10-18 09:30:53 +0900 |
commit | e1dbfc454180a77ebb38ecae6244ac4abe6d0ac5 (patch) | |
tree | dc160544313ab1e7a5e14ab5aa9fb8373fe8fae8 /src/leap/crypto | |
parent | 17896b9f9cbfbca7bc0a0344050dddea8ba61880 (diff) |
catch cert verification errors and ask user for trust
with a little helper function using gnutls
Diffstat (limited to 'src/leap/crypto')
-rw-r--r-- | src/leap/crypto/certs.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py new file mode 100644 index 00000000..aa1fc9e9 --- /dev/null +++ b/src/leap/crypto/certs.py @@ -0,0 +1,31 @@ +import ctypes +import socket + +import gnutls.connection +import gnutls.library + + +def get_https_cert_fingerprint(domain): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + cred = gnutls.connection.X509Credentials() + + session = gnutls.connection.ClientSession(sock, cred) + session.connect((domain, 443)) + session.handshake() + cert = session.peer_certificate + + _buffer = ctypes.create_string_buffer(20) + buffer_length = ctypes.c_size_t(20) + + gnutls.library.functions.gnutls_x509_crt_get_fingerprint( + cert._c_object, gnutls.library.constants.GNUTLS_DIG_SHA1, # 3 + ctypes.byref(_buffer), ctypes.byref(buffer_length)) + + # deinit + #server_cert._X509Certificate__deinit(server_cert._c_object) + # needed? is segfaulting + + fpr = ctypes.string_at(_buffer, buffer_length.value) + hex_fpr = u":".join(u"%02X" % ord(char) for char in fpr) + + return hex_fpr |