diff options
| author | Kali Kaneko <kali@leap.se> | 2015-08-28 10:59:30 -0400 |
|---|---|---|
| committer | Kali Kaneko <kali@leap.se> | 2015-08-28 10:59:30 -0400 |
| commit | 8fa97c02b5f07f896e52d9bb272128f267af04ea (patch) | |
| tree | e0ce6bbaaa48441ebcfb807a45e8753fe8432423 /src/leap/common/certs.py | |
| parent | d272a953a01f5c601e4894a916f7b4d990a03327 (diff) | |
| parent | ccecd1b3750bd10404511c33be1aaca82631a502 (diff) | |
Merge tag '0.4.2' into debian/experimental
Tag leap.common version 0.4.2
Conflicts:
pkg/requirements-testing.pip
setup.cfg
src/leap/common/_version.py
src/leap/common/events/events_pb2.py
Diffstat (limited to 'src/leap/common/certs.py')
| -rw-r--r-- | src/leap/common/certs.py | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/src/leap/common/certs.py b/src/leap/common/certs.py index 4fe563b..37ede8e 100644 --- a/src/leap/common/certs.py +++ b/src/leap/common/certs.py @@ -128,22 +128,23 @@ def is_valid_pemfile(cert): return can_load_cert_and_pkey(cert) -def get_cert_time_boundaries(certfile): +def get_cert_time_boundaries(certdata): """ - Returns the time boundaries for the certificate saved in certfile + Return the time boundaries for the given certificate. + The returned values are UTC/GMT time.struct_time objects - :param certfile: path to certificate - :type certfile: str + :param certdata: the certificate contents + :type certdata: str :rtype: tuple (from, to) """ - cert = get_cert_from_string(certfile) + cert = get_cert_from_string(certdata) leap_assert(cert, 'There was a problem loading the certificate') fromts, tots = (cert.get_notBefore(), cert.get_notAfter()) - from_, to_ = map( - lambda ts: time.gmtime(time.mktime(dateparse(ts).timetuple())), - (fromts, tots)) + from_ = dateparse(fromts).timetuple() + to_ = dateparse(tots).timetuple() + return from_, to_ @@ -177,3 +178,21 @@ def should_redownload(certfile, now=time.gmtime): return True return False + + +def get_compatible_ssl_context_factory(cert_path=None): + import twisted + cert = None + if twisted.version.base() > '14.0.1': + from twisted.web.client import BrowserLikePolicyForHTTPS + from twisted.internet import ssl + if cert_path: + cert = ssl.Certificate.loadPEM(open(cert_path).read()) + policy = BrowserLikePolicyForHTTPS(cert) + return policy + else: + raise Exception((""" + Twisted 14.0.2 is needed in order to have secure + Client Web SSL Contexts, not %s + See: http://twistedmatrix.com/trac/ticket/7647 + """) % (twisted.version.base())) |