diff options
| author | Micah Anderson <micah@riseup.net> | 2015-09-01 14:18:25 -0400 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2015-09-01 14:18:25 -0400 |
| commit | 7c5de540396e1a84da4bbaf95865fc53239db5c3 (patch) | |
| tree | 912d3bd175747fce1fd1fd4d1e01826598cad322 /src/leap/common/certs.py | |
| parent | 3bb0b76770a124a13226556b60bcd84d3cc99a0b (diff) | |
| parent | 56724056f95e3d908c3fd11840cf62e64afb9e0f (diff) | |
Merge remote-tracking branch 'kali/debian/0.4.2' into debian/experimental
Diffstat (limited to 'src/leap/common/certs.py')
| -rw-r--r-- | src/leap/common/certs.py | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/src/leap/common/certs.py b/src/leap/common/certs.py index 4fe563b..37ede8e 100644 --- a/src/leap/common/certs.py +++ b/src/leap/common/certs.py @@ -128,22 +128,23 @@ def is_valid_pemfile(cert): return can_load_cert_and_pkey(cert) -def get_cert_time_boundaries(certfile): +def get_cert_time_boundaries(certdata): """ - Returns the time boundaries for the certificate saved in certfile + Return the time boundaries for the given certificate. + The returned values are UTC/GMT time.struct_time objects - :param certfile: path to certificate - :type certfile: str + :param certdata: the certificate contents + :type certdata: str :rtype: tuple (from, to) """ - cert = get_cert_from_string(certfile) + cert = get_cert_from_string(certdata) leap_assert(cert, 'There was a problem loading the certificate') fromts, tots = (cert.get_notBefore(), cert.get_notAfter()) - from_, to_ = map( - lambda ts: time.gmtime(time.mktime(dateparse(ts).timetuple())), - (fromts, tots)) + from_ = dateparse(fromts).timetuple() + to_ = dateparse(tots).timetuple() + return from_, to_ @@ -177,3 +178,21 @@ def should_redownload(certfile, now=time.gmtime): return True return False + + +def get_compatible_ssl_context_factory(cert_path=None): + import twisted + cert = None + if twisted.version.base() > '14.0.1': + from twisted.web.client import BrowserLikePolicyForHTTPS + from twisted.internet import ssl + if cert_path: + cert = ssl.Certificate.loadPEM(open(cert_path).read()) + policy = BrowserLikePolicyForHTTPS(cert) + return policy + else: + raise Exception((""" + Twisted 14.0.2 is needed in order to have secure + Client Web SSL Contexts, not %s + See: http://twistedmatrix.com/trac/ticket/7647 + """) % (twisted.version.base())) |