Service identity verification for pyOpenSSL.

WARNING

This software is currently pre-alpha and under review. Use it at your own peril.

Any part is subject to change, but feedback is very welcome!

Pitch

service_identity aspires to give you all the tools you need for verifying whether the certificates of servers you connect to are valid for the intended purposes.

In the simplest case, this means host name verification. However, service_identity implements RFC 6125 fully and plans to add other relevant RFCs too.

Features

Present

  • dNSName with fallback to CN (DNS-ID, aka host names, RFC 6125).
  • uniformResourceIdentifier (URI-ID, RFC 6125).
  • SRV-ID (RFC 6125).

Future

Usage

Verify a Hostname

The simplest, most common, and most important usage:

from __future__ import absolute_import, division, print_function

import socket

from OpenSSL import SSL
from service_identity import verify_hostname, VerificationError


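ctx = SSL.Context(SSL.SSLv23_METHOD)
# Require a peer certificate and keep OpenSSL's own chain verification result.
ctx.set_verify(SSL.VERIFY_PEER, lambda conn, cert, errno, depth, ok: ok)
# Use the platform's default CA certificate locations as trust anchors.
ctx.set_default_verify_paths()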

hostname = u"twistedmatrix.com"
sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
sock.connect((hostname, 443))

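try:
    sock.do_handshake()
    # A valid chain alone does not tie the certificate to this host,
    # so the presented identifiers are checked against the hostname here.
    verify_hostname(sock.get_peer_certificate(), hostname)
    # Do your super-secure stuff here.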
except SSL.Error as e:
    print("TLS Handshake failed: {0!r}.".format(e.args[0]))
except VerificationError:
    print("Presented certificate is not valid for {0}.".format(hostname))
finally:
    sock.shutdown()
    sock.close()
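
The DNS-ID rule listed under Features (dNSName with fallback to CN) comes down to the comparison below. This is an added example, not part of the original page and not service_identity's implementation; it assumes ASCII names only, and all function names and sample identifiers are hypothetical.

```python
# Added illustration of RFC 6125 DNS-ID matching; not service_identity's code.
# Assumptions: ASCII names only (no IDN handling), partial-label wildcards
# such as "w*.example.org" are rejected, and every function name is hypothetical.


def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def dns_id_matches(pattern, hostname):
    """Match one presented dNSName (pattern) against the reference hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # Same number of labels, no empty labels, no wildcard in the reference.
    if len(p) != len(h) or "" in p or "" in h or "*" in hostname:
        return False
    if "*" not in pattern:
        return p == h
    # A wildcard must be the complete left-most label and appear nowhere else.
    # Requiring three or more labels is a hardening choice of this sketch
    # that rejects patterns such as "*.org".
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    # "*" stands for exactly one label; all remaining labels compare exactly.
    return p[1:] == h[1:]


def verify_dns_identity(san_dns_names, common_names, hostname):
    """True if the presented identifiers are valid for hostname.

    The CN fallback applies only when the certificate carries no dNSName
    entries at all, so a CN can never widen what the SAN list allows.
    """
    candidates = san_dns_names if san_dns_names else common_names
    return any(dns_id_matches(c, hostname) for c in candidates)


# Constructed sample identifiers, not taken from any real certificate.
SAN = ["www.example.org", "*.api.example.org"]
CN = ["legacy.example.org"]

if __name__ == "__main__":
    for host in ("www.example.org", "v1.api.example.org",
                 "a.b.api.example.org", "legacy.example.org"):
        print(host, verify_dns_identity(SAN, CN, host))
```

The last sample host is rejected even though it equals the CN, because the certificate already carries dNSName entries.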

Requirements

Python 2.6, 2.7, 3.2, and 3.3 as well as PyPy are supported.

Additionally, the following PyPI modules are required:

Optionally, idna can be used for internationalized domain names (IDN), aka non-ASCII domains. Please note that idna is not available for Python 3.2 and is required because Python’s stdlib support is outdated.

Files for service_identity, version 0.1

  • service_identity-0.1-py2.py3-none-any.whl (17.9 kB), file type: Wheel, Python version: 2.7
  • service_identity-0.1.tar.gz (16.5 kB), file type: Source, Python version: None
