m2crypto https, xmlrpc and ignore server name mismatch

Path	csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!news.musoftware.de!wum.musoftware.de!news2.arglkargh.de!news.wiretrip.org!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path	<python-python-list@m.gmane.org>
X-Original-To	python-list@python.org
Delivered-To	python-list@mail.python.org
X-Spam-Status	OK 0.000
X-Spam-Evidence	'H': 1.00; 'S': 0.00; 'context': 0.04; 'hostname': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'subject:ignore': 0.09; 'server,': 0.12; 'certificate.': 0.16; 'mismatch': 0.16; 'pointers.': 0.16; 'subject:https': 0.16; 'subject:server': 0.16; 'xmlrpclib': 0.16; 'def': 0.16; 'advance': 0.18; 'ignore': 0.21; 'modify': 0.22; 'wondered': 0.23; 'code': 0.24; 'testing': 0.25; "i'm": 0.27; 'import': 0.29; 'server': 0.29; 'matches': 0.29; 'xmlrpc': 0.30; 'thanks': 0.31; 'this.': 0.31; 'hi,': 0.31; 'to:addr:python-list': 0.34; 'header:X -Complaints-To:1': 0.34; 'header:User-Agent:1': 0.34; 'certain': 0.36; 'using': 0.37; 'received:org': 0.38; 'header:Mime- Version:1': 0.39; 'to:addr:python.org': 0.39; 'subject:name': 0.67
X-Injected-Via-Gmane	http://gmane.org/
To	python-list@python.org
From	Gelonida N <gelonida@gmail.com>
Subject	m2crypto https, xmlrpc and ignore server name mismatch
Date	Tue, 02 Aug 2011 23:59:39 +0200
Mime-Version	1.0
Content-Type	text/plain; charset=ISO-8859-1
Content-Transfer-Encoding	7bit
X-Gmane-NNTP-Posting-Host	unicorn.dungeon.de
User-Agent	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110617 Lightning/1.0b2 ""
X-BeenThere	python-list@python.org
X-Mailman-Version	2.1.12
Precedence	list
List-Id	General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe	<http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive	<http://mail.python.org/pipermail/python-list>
List-Post	<mailto:python-list@python.org>
List-Help	<mailto:python-list-request@python.org?subject=help>
List-Subscribe	<http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups	comp.lang.python
Message-ID	<mailman.1806.1312322399.1164.python-list@python.org> (permalink)
Lines	48
NNTP-Posting-Host	2001:888:2000:d::a6
X-Trace	1312322399 news.xs4all.nl 23938 [2001:888:2000:d::a6]:51580
X-Complaints-To	abuse@xs4all.nl
Xref	x330-a1.tempe.blueboxinc.net comp.lang.python:10767

Show key headers only | View raw

Hi,


Just started playing with m2crypto's xmlrpc

The code I'm using is:

import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
from M2Crypto.SSL.Context import Context

ctx = Context()
# modify context
svr = Server(rpc_url, SSL_Transport(ctx), encoding='utf-8')
svr.mymethod1(1)
svr.mymethod2(2)


What I wondered is following:

For testing I would like to ignore the fact, that the hostname in the
request is different from the hostname in the server certificate.

On the other hand I would like to verify that the server name from the
server's certidicate matches a certain criteria.

What would be the code to do this.

import xmlrpclib
from M2Crypto.m2xmlrpclib import Server, SSL_Transport
from M2Crypto.SSL.Context import Context


def check_func(server_certificate):
     hostname = get_hostname_from_cert()
     return hostname.endswith('.mydomain.com')

ctx = Context()
# modify context
# add code to ignore server name mismatch
# add code to call check_func. accept request only if it returns True
svr = Server(rpc_url, SSL_Transport(ctx), encoding='utf-8')
svr.mymethod1(1)
svr.mymethod2(2)


Thanks in advance for any pointers.

Back to comp.lang.python | Previous | Next | Find similar | Unroll thread

Thread

m2crypto https, xmlrpc and ignore server name mismatch Gelonida N <gelonida@gmail.com> - 2011-08-02 23:59 +0200

csiph-web