summaryrefslogtreecommitdiff
path: root/src/leap/crypto/certs.py
diff options
context:
space:
mode:
authorkali <kali@leap.se>2012-10-18 09:30:53 +0900
committerkali <kali@leap.se>2012-10-18 09:30:53 +0900
commite1dbfc454180a77ebb38ecae6244ac4abe6d0ac5 (patch)
treedc160544313ab1e7a5e14ab5aa9fb8373fe8fae8 /src/leap/crypto/certs.py
parent17896b9f9cbfbca7bc0a0344050dddea8ba61880 (diff)
catch cert verification errors and ask user for trust
with a little helper function using gnutls
Diffstat (limited to 'src/leap/crypto/certs.py')
-rw-r--r--src/leap/crypto/certs.py31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
new file mode 100644
index 00000000..aa1fc9e9
--- /dev/null
+++ b/src/leap/crypto/certs.py
@@ -0,0 +1,31 @@
+import ctypes
+import socket
+
+import gnutls.connection
+import gnutls.library
+
+
+def get_https_cert_fingerprint(domain):
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ cred = gnutls.connection.X509Credentials()
+
+ session = gnutls.connection.ClientSession(sock, cred)
+ session.connect((domain, 443))
+ session.handshake()
+ cert = session.peer_certificate
+
+ _buffer = ctypes.create_string_buffer(20)
+ buffer_length = ctypes.c_size_t(20)
+
+ gnutls.library.functions.gnutls_x509_crt_get_fingerprint(
+ cert._c_object, gnutls.library.constants.GNUTLS_DIG_SHA1, # 3
+ ctypes.byref(_buffer), ctypes.byref(buffer_length))
+
+ # deinit
+ #server_cert._X509Certificate__deinit(server_cert._c_object)
+ # needed? is segfaulting
+
+ fpr = ctypes.string_at(_buffer, buffer_length.value)
+ hex_fpr = u":".join(u"%02X" % ord(char) for char in fpr)
+
+ return hex_fpr