wbond / certvalidator

Python library for validating X.509 certificates and paths
MIT License

Examples of TLS/SSL server validation #14

Closed sumitb closed 4 years ago

sumitb commented 5 years ago

This is the provided example for TLS/SSL server validation in the documentation:

```python
from oscrypto import tls
from certvalidator import CertificateValidator, errors

session = tls.TLSSession(manual_validation=True)
connection = tls.TLSSocket('www.google.com', 443, session=session)

try:
    validator = CertificateValidator(connection.certificate, connection.intermediates)
    validator.validate_tls(connection.hostname)
except (errors.PathValidationError):
    # The certificate did not match the hostname, or could not be otherwise validated
    pass
```

However, validator.validate_tls() returns a certvalidator.path.ValidationPath instance and none of its attributes tells whether the tls/ssl to hostname is valid or not. Am I missing something here? How are others consuming this method?

wbond commented 4 years ago

The docs at https://github.com/wbond/certvalidator/blob/master/docs/api.md#validate_tls-method show the three exceptions thrown, and what situations trigger them. In the case of a hostname mismatch, you'd want to catch certvalidator.errors.InvalidCertificateError.
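
The behaviour described in the answer above, as an added example that is not part of the original thread or the project's own code: `validate_tls()` returning normally is the success signal, and each documented exception is a distinct failure. The function name `check_tls_server` and the status strings are hypothetical, and the handler order assumes `InvalidCertificateError` and `RevokedError` are subclasses of `PathValidationError`.

```python
def check_tls_server(hostname, port=443):
    """Return (status, detail) for the certificate served at hostname:port.

    status is one of 'valid', 'invalid_certificate', 'revoked', 'path_error'
    (hypothetical labels chosen for this example).
    """
    # Imported here so this module can be imported on hosts where oscrypto
    # cannot load its crypto backend.
    from oscrypto import tls
    from certvalidator import CertificateValidator, errors

    # manual_validation=True: oscrypto completes the handshake without
    # validating the chain, leaving the decision to certvalidator.
    session = tls.TLSSession(manual_validation=True)
    connection = tls.TLSSocket(hostname, port, session=session)
    try:
        validator = CertificateValidator(
            connection.certificate, connection.intermediates
        )
        # No exception means the chain and hostname were accepted. The
        # returned ValidationPath is the accepted chain, not a pass/fail flag.
        path = validator.validate_tls(connection.hostname)
    # Most specific handlers first (assumption: the two below subclass
    # PathValidationError, so a lone PathValidationError handler would
    # otherwise absorb them).
    except errors.InvalidCertificateError as e:
        # Not valid for this hostname and/or for TLS server usage.
        return 'invalid_certificate', str(e)
    except errors.RevokedError as e:
        # The certificate or one in its path has been revoked.
        return 'revoked', str(e)
    except errors.PathValidationError as e:
        # Any other failure while validating the path.
        return 'path_error', str(e)
    else:
        return 'valid', path
    finally:
        connection.close()


if __name__ == '__main__':
    # Requires network access and the oscrypto/certvalidator packages.
    print(check_tls_server('www.google.com'))
```

Callers that only need a boolean can test `status == 'valid'`; keeping the three failure labels separate lets logs distinguish a hostname mismatch from a revoked or untrusted chain.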