Revision 65c6b8e0 lib/http.py
| b/lib/http.py | ||
|---|---|---|
| 228 | 228 |
@param ssl_cert_path: Path to file containing SSL certificate in PEM format |
| 229 | 229 |
|
| 230 | 230 |
""" |
| 231 |
ssl_key_pem = utils.ReadFile(ssl_key_path) |
|
| 232 |
ssl_cert_pem = utils.ReadFile(ssl_cert_path) |
|
| 231 |
self.ssl_key_pem = utils.ReadFile(ssl_key_path)
|
|
| 232 |
self.ssl_cert_pem = utils.ReadFile(ssl_cert_path)
|
|
| 233 | 233 |
|
| 234 |
cr = OpenSSL.crypto |
|
| 235 |
self.cert = cr.load_certificate(cr.FILETYPE_PEM, ssl_cert_pem) |
|
| 236 |
self.key = cr.load_privatekey(cr.FILETYPE_PEM, ssl_key_pem) |
|
| 237 |
del cr |
|
| 234 |
def GetKey(self): |
|
| 235 |
return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, |
|
| 236 |
self.ssl_key_pem) |
|
| 237 |
|
|
| 238 |
def GetCertificate(self): |
|
| 239 |
return OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, |
|
| 240 |
self.ssl_cert_pem) |
|
| 238 | 241 |
|
| 239 | 242 |
|
| 240 | 243 |
class _HttpSocketBase(object): |
| ... | ... | |
| 244 | 247 |
def __init__(self): |
| 245 | 248 |
self._using_ssl = None |
| 246 | 249 |
self._ssl_params = None |
| 250 |
self._ssl_key = None |
|
| 251 |
self._ssl_cert = None |
|
| 247 | 252 |
|
| 248 | 253 |
def _CreateSocket(self, ssl_params, ssl_verify_peer): |
| 249 | 254 |
"""Creates a TCP socket and initializes SSL if needed. |
| ... | ... | |
| 265 | 270 |
if not self._using_ssl: |
| 266 | 271 |
return sock |
| 267 | 272 |
|
| 273 |
self._ssl_key = ssl_params.GetKey() |
|
| 274 |
self._ssl_cert = ssl_params.GetCertificate() |
|
| 275 |
|
|
| 268 | 276 |
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD) |
| 269 | 277 |
ctx.set_options(OpenSSL.SSL.OP_NO_SSLv2) |
| 270 | 278 |
|
| 271 |
ctx.use_privatekey(ssl_params.key)
|
|
| 272 |
ctx.use_certificate(ssl_params.cert)
|
|
| 279 |
ctx.use_privatekey(self._ssl_key)
|
|
| 280 |
ctx.use_certificate(self._ssl_cert)
|
|
| 273 | 281 |
ctx.check_privatekey() |
| 274 | 282 |
|
| 275 | 283 |
if ssl_verify_peer: |
| ... | ... | |
| 288 | 296 |
""" |
| 289 | 297 |
assert self._ssl_params, "SSL not initialized" |
| 290 | 298 |
|
| 291 |
mykey = self._ssl_params.key |
|
| 292 |
mycert = self._ssl_params.cert |
|
| 293 |
|
|
| 294 |
return (mycert.digest("sha1") == cert.digest("sha1") and
|
|
| 295 |
mycert.digest("md5") == cert.digest("md5"))
|
|
| 299 |
return (self._ssl_cert.digest("sha1") == cert.digest("sha1") and
|
|
| 300 |
self._ssl_cert.digest("md5") == cert.digest("md5"))
|
|
| 296 | 301 |
|
| 297 | 302 |
|
| 298 | 303 |
class _HttpConnectionHandler(object): |
Also available in: Unified diff