
@dalf
Created December 16, 2019 11:04
from __future__ import absolute_import, division, print_function
import socket
from OpenSSL import SSL
from service_identity import VerificationError
from service_identity.pyopenssl import verify_hostname
def _verify_callback(conn, cert, errno, depth, ok):
    """Log identifying fields of one certificate and pass OpenSSL's verdict on.

    Installed through ``Context.set_verify``. Prints the subject commonName and
    any subjectAltName extension of ``cert``.

    Returns ``ok`` unchanged. ``conn``, ``errno`` and ``depth`` are accepted
    but not read.
    """
    print('cert.subject.name=', cert.get_subject().commonName)
    extensions = (
        cert.get_extension(index)
        for index in range(cert.get_extension_count())
    )
    for extension in extensions:
        if extension.get_short_name() == b'subjectAltName':
            print(' subjectAltName=', str(extension))
    # Hand back the value we were given rather than a constant: returning a
    # hard-coded truthy value here would accept certificates that failed
    # chain validation.
    return ok
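def check_hostname(hostname):
    """Open a TLS connection to ``hostname``:443 and validate its certificate.

    The chain is validated by OpenSSL against the default CA locations
    (``VERIFY_PEER``), then ``service_identity.verify_hostname`` checks that
    the presented certificate is valid for ``hostname``.

    Args:
        hostname: DNS name to connect to; also sent as the SNI server name and
            used as the identity the certificate must match.

    Returns:
        True when the handshake and the hostname check both succeed, False
        when either raises (``SSL.Error``, ``VerificationError`` or any other
        ``Exception``).

    Raises:
        Whatever ``connect`` (or encoding the hostname for SNI) raises; the
        socket is closed before the exception propagates.
    """
    print('* Checking ', hostname)
    # NOTE(review): TLSv1_2_METHOD pins the handshake to exactly TLS 1.2, so
    # TLS 1.3 is never negotiated. Left as the author wrote it.
    ctx = SSL.Context(SSL.TLSv1_2_METHOD)
    ctx.set_verify(SSL.VERIFY_PEER, _verify_callback)
    ctx.set_default_verify_paths()
    conn = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
    # NOTE(review): no socket timeout is set, so an unresponsive host blocks
    # this call indefinitely.
    try:
        # Send SNI. Without it a server hosting several names answers with its
        # default certificate, and the check below then judges the wrong
        # certificate.
        conn.set_tlsext_host_name(hostname.encode('idna'))
        conn.connect((hostname, 443))
    except Exception:
        # Connection failures still propagate to the caller, but the socket
        # must not be leaked on the way out.
        conn.close()
        raise
    try:
        conn.do_handshake()
        # Chain validation alone does not bind the certificate to the name we
        # dialled; this call does.
        verify_hostname(conn, hostname)
        # Do your super-secure stuff here.
        print('Connected')
    except SSL.Error as e:
        print("SSL error {0}".format(str(e)))
        return False
    except VerificationError as e:
        print(e)
        print("Presented certificate is not valid for {0}.".format(hostname))
        return False
    except Exception as e:
        # Fail closed: anything unexpected counts as "not verified".
        print(e)
        return False
    finally:
        # Best-effort teardown. shutdown() commonly fails after a rejected
        # handshake, so close() runs in its own guard to make sure the socket
        # is always released.
        try:
            conn.shutdown()
        except Exception:
            pass
        try:
            conn.close()
        except Exception:
            pass
    return True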
# Each table holds (hostname, expected check_hostname() result) pairs.

# Hosts whose certificate is expected to validate.
ok_list = [
    ('twistedmatrix.com', True),
    ('www.lemonde.fr', True),
    ('linuxfr.org', True),
    ('twitter.com', True),
    ('mozilla-old.badssl.com', True),
    ('mozilla-intermediate.badssl.com', True),
    ('mozilla-modern.badssl.com', True),
]

# Hosts whose certificate is expected to be rejected.
# NOTE(review): check_hostname as written configures no CRL/OCSP lookup and no
# key pinning, so the revoked and pinning-test entries may not come back
# False -- confirm against a real run.
cert_error_list = [
    ('expired.badssl.com', False),
    ('wrong.host.badssl.com', False),
    ('self-signed.badssl.com', False),
    ('untrusted-root.badssl.com', False),
    ('revoked.badssl.com', False),
    ('pinning-test.badssl.com', False),
]

cert_bad_list = [
    ('superfish.badssl.com', False),
    ('edellroot.badssl.com', False),
    ('dsdtestprovider.badssl.com', False),
    ('preact-cli.badssl.com', False),
    ('webpack-dev-server.badssl.com', False),
]

dh_list = [
    ('dh480.badssl.com', False),
    ('dh512.badssl.com', False),
    ('dh1024.badssl.com', False),
]

cipher_list = [
    ('rc4.badssl.com', False),
    ('rc4-md5.badssl.com', False),
    ('null.badssl.com', False),
    ('invalid-expected-sct.badssl.com', False),
]

sha_list = [
    ('sha1-intermediate.badssl.com', False),
    ('sha256.badssl.com', True),
]

# Only the first two tables are exercised; the full set is kept for reference.
# check_list = ok_list + cert_error_list + cert_bad_list + dh_list + cipher_list + sha_list
check_list = ok_list + cert_error_list

# Run every selected host and compare the outcome with the expectation.
for host, expected in check_list:
    print('')
    try:
        matched = check_hostname(host) == expected
        print('✔️ OK' if matched else '❌ FAIL !')
    except Exception as e:
        # An exception (e.g. the TCP connect failing) is reported as a
        # failure for this host rather than aborting the run.
        print('❌ FAIL WITH EXCEPTION', str(e))