server certificate validation

Dima Tisnek
2013-11-24 23:43:30 +01:00
parent 1436d58caa
commit 1a4dac3671


@@ -25,6 +25,7 @@ import socket
try: try:
import ssl import ssl
from ssl import SSLError from ssl import SSLError
from backports.ssl_match_hostname import match_hostname
HAVE_SSL = True HAVE_SSL = True
except ImportError: except ImportError:
# dummy class of SSLError for ssl none-support environment. # dummy class of SSLError for ssl none-support environment.
@@ -444,11 +445,11 @@ class WebSocket(object):
self.sock.connect((hostname, port)) self.sock.connect((hostname, port))
if is_secure: if is_secure:
if HAVE_SSL: if HAVE_SSL:
if self.sslopt is None: sslopt = dict(cert_reqs=ssl.CERT_REQUIRED,
sslopt = {} ca_certs=os.path.join(os.path.dirname(__file__), "cacert.pem"))
else: sslopt.update(self.sslopt)
sslopt = self.sslopt
self.sock = ssl.wrap_socket(self.sock, **sslopt) self.sock = ssl.wrap_socket(self.sock, **sslopt)
match_hostname(self.sock.getpeercert(), hostname)
else: else:
raise WebSocketException("SSL not available.") raise WebSocketException("SSL not available.")
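Review bot: `sslopt.update(self.sslopt)` in the second hunk raises TypeError when `self.sslopt` is None, a case the removed `if self.sslopt is None` branch handled, so unless the constructor now defaults it to a dict elsewhere, every wss connection made without options would fail; `sslopt.update(self.sslopt or {})` keeps the new secure defaults and the old tolerance. The added `match_hostname(self.sock.getpeercert(), hostname)` call also runs when a caller overrides `cert_reqs` to `ssl.CERT_NONE`, where `getpeercert()` returns an empty dict and `match_hostname` raises ValueError; guarding it with `if sslopt["cert_reqs"] != ssl.CERT_NONE:` plus a comment stating that this override disables both chain and hostname verification would make the opt-out explicit rather than an unexplained error. In the first hunk the backports import sits inside the same `try`, so a missing `backports.ssl_match_hostname` package presumably takes the `except ImportError` path and surfaces later as "SSL not available."; that fails closed, but a distinct message would be easier to diagnose. The enclosing method starts and ends outside the hunk, and whether `os` is imported for the `os.path.join` call is not visible here.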