author | Victor Shyba <victor.shyba@gmail.com> | 2015-05-27 12:49:44 -0300 |
---|---|---|
committer | Victor Shyba <victor.shyba@gmail.com> | 2015-06-02 19:25:54 -0300 |
commit | c071c69e1b5a0d897674a1f7adc6ff32f19400ff (patch) | |
tree | 2a04564aa2ea8f257fc1b3e5a846a6b3cf7a43d7 /src/leap/common/certs.py | |
parent | 7826a96e526a450380917f9b89e3714576ca50b7 (diff) |
[bug] Use BrowserLikePolicyForHTTPS for checking
While testing the way that it's implemented now, I found out that no check
is being made on certificate attributes against the host.
I found this simple way of creating a BrowserLikePolicyForHTTPS using
a self signed cert and it worked on my test. I used test_https from
Soledad for checking this (which we are fixing on another branch).
Also, we don't want to depend on twisted for other things than
leap.common.http.
Diffstat (limited to 'src/leap/common/certs.py')
-rw-r--r-- | src/leap/common/certs.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/leap/common/certs.py b/src/leap/common/certs.py
index db513f6..c8e0743 100644
--- a/src/leap/common/certs.py
+++ b/src/leap/common/certs.py
@@ -178,3 +178,20 @@ def should_redownload(certfile, now=time.gmtime):
 return True
 return False
+
+
+def get_compatible_ssl_context_factory(cert_path=None):
+ import twisted
+ cert = None
+ if twisted.version.base() > '14.0.1':
+ from twisted.web.client import BrowserLikePolicyForHTTPS
+ from twisted.internet import ssl
+ if cert_path:
+ cert = ssl.Certificate.loadPEM(open(cert_path).read())
+ policy = BrowserLikePolicyForHTTPS(cert)
+ return policy
+ else:
+ raise Exception(("""
+ Twisted 14.0.2 is needed in order to have secure Client Web SSL Contexts, not %s
+ See: http://twistedmatrix.com/trac/ticket/7647
+ """) % (twisted.version.base())) |
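Review bot: The version gate `twisted.version.base() > '14.0.1'` compares strings lexicographically, so it does not order releases numerically: a single-digit major such as '9.0.0' sorts above '14.0.1' and gets past the check, after which it would presumably fail on the `BrowserLikePolicyForHTTPS` import instead of raising the intended message. Since this check decides whether a hostname-verifying TLS policy is available, compare version objects instead, e.g. `from twisted.python.versions import Version` and `if twisted.version >= Version('twisted', 14, 0, 2):`. `open(cert_path).read()` also leaves closing the file to the garbage collector; `with open(cert_path) as f: cert = ssl.Certificate.loadPEM(f.read())` closes it deterministically. A short docstring should state that with `cert_path=None` the policy is built with a `None` trust root (presumably falling back to the platform trust store), while a supplied PEM becomes the only trust root, so callers know which one they are getting.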