gesomax / httplib2

Automatically exported from code.google.com/p/httplib2
0 stars 0 forks source link

SSL certificate verification #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I'd love to see httplib2 do SSL certificate verification (as libcurl does).

Original issue reported on code.google.com by joe.gregorio@gmail.com on 31 Jul 2007 at 1:15

GoogleCodeExporter commented 8 years ago
The standard socket.ssl just provide server() and issuer() functions. We can't 
get
the server certificate. I just had a look to M2Crypto.httpslib.HTTPSConnection 
wich
rewrites mainly the connect method using it's own SSL object. May be it's not 
too
difficult?

Original comment by Ernesto....@gmail.com on 1 Jul 2008 at 1:04

GoogleCodeExporter commented 8 years ago
The following patch integrates M2Crypto.SSL with httplib2. It's a proof of 
concept
and not exhaustively tested.

Original comment by Ernesto....@gmail.com on 2 Jul 2008 at 9:48

Attachments:

GoogleCodeExporter commented 8 years ago
There seems to be a problem with M2Crypto and timeouts, documented here:
https://bugzilla.osafoundation.org/show_bug.cgi?id=2341

We'll have a look at python-pyopenssl.

Original comment by Ernesto....@gmail.com on 3 Jul 2008 at 2:00

GoogleCodeExporter commented 8 years ago
What about using the new ssl module from 2.6?
It's avaible for older versions as well.

Original comment by ve...@gmx.ch on 27 Oct 2008 at 11:21

GoogleCodeExporter commented 8 years ago
Yes, this would be great. We'are still using python 2.5. We use actually pycurl,
because of some issues with timeouts in ssl connection under m2crypto and
python-openssl. I hope that python 2.6 will resolve the issue.

Original comment by Ernesto....@gmail.com on 10 Nov 2008 at 1:41

GoogleCodeExporter commented 8 years ago
Is this issue still valid? on python > 2.5 ... the Http class will use 
HTTPSConnectionWithTimeout if the scheme is https :)

Original comment by db.pub.m...@gmail.com on 29 Sep 2010 at 6:46

GoogleCodeExporter commented 8 years ago
Issue 116 has been merged into this issue.

Original comment by joe.gregorio@gmail.com on 29 Sep 2010 at 8:07

GoogleCodeExporter commented 8 years ago
Hi, attached is a patch for the python2 version that adds basic certificate 
verification. It will first attempt to use the ssl module (python >2.6, or if 
you've installed ssl 1.15 for python >2.3). If that fails that it will try to 
use M2Crypto, finally falling back on socket.ssl but without cert verification.

The only change to the interface is the addition of a set_ca_file(ca_file) 
method which tells httplib2 to do cert verification using the provided CA file 
in PEM format.

This has only been tested using python 2.6 on Ubuntu, and python 2.4.3 with 
both M2Crypto and python-ssl on RHEL 5 / CentOS 5.

This patch also contains a fix for issue 62 (sorry for mixing issues) and some 
file checks when adding certs because I found I was getting misleading error 
messages when giving wrong filenames by accident.

Original comment by davi...@gmail.com on 13 May 2011 at 2:33

Attachments:

GoogleCodeExporter commented 8 years ago
Certification validation has been added.

Original comment by joe.gregorio@gmail.com on 13 Jun 2011 at 4:53