authorMagnus Ahltorp <map@kth.se>2015-04-10 15:42:03 +0200
committerMagnus Ahltorp <map@kth.se>2015-04-10 15:44:26 +0200
commit6402eeefc18c47b7dceea5e0dda0b8aeec6719bd (patch)
tree56b0e91fabdc01c17fe37a44f77b707060171a30 /tools/certtools.py
parent263862c06abd93d39d98fd40007f80b5fe57f030 (diff)
Verify SSL certificates and hostnames in python codesslverify
Closes CATLFISH-34
Diffstat (limited to 'tools/certtools.py')
-rw-r--r--tools/certtools.py23
1 files changed, 16 insertions, 7 deletions
diff --git a/tools/certtools.py b/tools/certtools.py
index 498a2e0..405aabd 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -88,12 +88,24 @@ def get_root_cert(issuer):
return root_cert
-def urlopen(url, data=None):
+class sslparameters:
+ sslcontext = None
+
+def create_ssl_context(cafile=None):
try:
- opener = urllib2.build_opener(urllib2.HTTPSHandler(context=ssl.SSLContext(ssl.PROTOCOL_TLSv1)))
+ sslparameters.sslcontext = ssl.create_default_context(cafile=cafile)
except AttributeError:
+ sslparameters.sslcontext = None
+
+def get_opener():
+ try:
+ opener = urllib2.build_opener(urllib2.HTTPSHandler(context=sslparameters.sslcontext))
+ except TypeError:
opener = urllib2.build_opener(urllib2.HTTPSHandler())
- return opener.open(url, data)
+ return opener
+
+def urlopen(url, data=None):
+ return get_opener().open(url, data)
def get_sth(baseurl):
result = urlopen(baseurl + "ct/v1/get-sth").read()
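Review bot: Certificate verification fails open without any signal on interpreters that lack `ssl.create_default_context`: the `except AttributeError` branch in `create_ssl_context` stores `None`, and `get_opener` then falls back to a bare `urllib2.HTTPSHandler()` on `TypeError`. Since this commit exists to enforce verification, that branch should refuse to continue or at least warn, e.g. `raise RuntimeError("ssl.create_default_context unavailable; cannot verify server certificates")`, with an explicit opt-out for callers that accept an unverified connection. The same opener now backs `http_request` in the second hunk, so the signed node-to-node requests inherit the fallback. Separately, `get_opener` depends on module state that is only set if `create_ssl_context` was called first; a docstring on both functions should say that callers needing a private CA must call `create_ssl_context(cafile=...)` before any request, because with `sslcontext` left at `None` the interpreter's default applies (presumably the system trust store on versions that verify by default, which should be confirmed for the supported Python versions).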
@@ -238,10 +250,7 @@ def check_auth_header(authheader, expected_key, publickeydir, data, path):
return True
def http_request(url, data=None, key=None, verifynode=None, publickeydir="."):
- try:
- opener = urllib2.build_opener(urllib2.HTTPSHandler(context=ssl.SSLContext(ssl.PROTOCOL_TLSv1)))
- except AttributeError:
- opener = urllib2.build_opener(urllib2.HTTPSHandler())
+ opener = get_opener()
(keyname, keyfile) = key
privatekey = get_eckey_from_file(keyfile)