From 6402eeefc18c47b7dceea5e0dda0b8aeec6719bd Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Fri, 10 Apr 2015 15:42:03 +0200
Subject: Verify SSL certificates and hostnames in python code Closes
 CATLFISH-34

---
 tools/certtools.py | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

(limited to 'tools/certtools.py')

diff --git a/tools/certtools.py b/tools/certtools.py
index 498a2e0..405aabd 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -88,12 +88,24 @@ def get_root_cert(issuer):
 
     return root_cert
 
-def urlopen(url, data=None):
+class sslparameters:
+    sslcontext = None
+
+def create_ssl_context(cafile=None):
     try:
-        opener = urllib2.build_opener(urllib2.HTTPSHandler(context=ssl.SSLContext(ssl.PROTOCOL_TLSv1)))
+        sslparameters.sslcontext = ssl.create_default_context(cafile=cafile)
     except AttributeError:
+        sslparameters.sslcontext = None
+
+def get_opener():
+    try:
+        opener = urllib2.build_opener(urllib2.HTTPSHandler(context=sslparameters.sslcontext))
+    except TypeError:
         opener = urllib2.build_opener(urllib2.HTTPSHandler())
-    return opener.open(url, data)
+    return opener
+
+def urlopen(url, data=None):
+    return get_opener().open(url, data)
 
 def get_sth(baseurl):
     result = urlopen(baseurl + "ct/v1/get-sth").read()
@@ -238,10 +250,7 @@ def check_auth_header(authheader, expected_key, publickeydir, data, path):
     return True
 
 def http_request(url, data=None, key=None, verifynode=None, publickeydir="."):
-    try:
-        opener = urllib2.build_opener(urllib2.HTTPSHandler(context=ssl.SSLContext(ssl.PROTOCOL_TLSv1)))
-    except AttributeError:
-        opener = urllib2.build_opener(urllib2.HTTPSHandler())
+    opener = get_opener()
 
     (keyname, keyfile) = key
     privatekey = get_eckey_from_file(keyfile)
-- 
cgit v1.1