Skip to content

Instantly share code, notes, and snippets.

@packetlss
Forked from bretwalker/ssl_validator.py
Created April 19, 2013 15:29
Show Gist options
  • Save packetlss/5421107 to your computer and use it in GitHub Desktop.
Save packetlss/5421107 to your computer and use it in GitHub Desktop.
from M2Crypto import SSL
from M2Crypto.SSL.Checker import SSLVerificationError, NoCertificate, WrongCertificate, WrongHost
import socket, re
from datetime import datetime
import pytz
class ValidationResults:
def __init__(self):
self.connection_error = False
self.no_certificate = False
self.wrong_certificate = False
self.wrong_host = False
self.certificate_expired = False
self.expiration_date = None
self.unknown_error = False
self.inner_exception = None
def __str__(self):
return """
Connection error:\t%s
No certificate:\t\t%s
Wrong certificate:\t%s
Wrong host:\t\t%s
Certificate expired:\t%s
Expiration date:\t%s
Unknown error:\t\t%s
Inner exception:\t%s
""" % (self.connection_error,
self.no_certificate,
self.wrong_certificate,
self.wrong_host,
self.certificate_expired,
self.expiration_date,
self.unknown_error,
self.inner_exception,)
class Validator:
numericIpMatch = re.compile('^[0-9]+(\.[0-9]+)*$')
valid_hostname = False
def __init__(self):
pass
def __call__(self, hostname, get_cert_from, port):
val_results = ValidationResults()
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
cxt = SSL.Context()
cxt.set_verify(SSL.verify_none, depth=1)
SSL.Connection.clientPostConnectionCheck = None # we'll verify things later manually!
try:
c = SSL.Connection(cxt, sock)
c.connect((get_cert_from, port))
cert = c.get_peer_cert()
except Exception, e:
# socket connection
val_results.connection_error = True
val_results.inner_exception = e
return val_results
# NoCertificate WrongCertificate WrongHost ValueError
try:
c = SSL.Checker.Checker(hostname)
print 'Hostname matches: ' + str(c(cert))
except NoCertificate:
val_results.no_certificate = True
except WrongCertificate:
val_results.wrong_certificate = True
except WrongHost:
val_results.wrong_host = True
except Exception, e:
val_results.unknown_error = True
val_results.inner_exception = e
if cert.get_not_after().get_datetime() <= datetime.now(tz=pytz.utc):
val_results.certificate_expired = True
val_results.expiration_date = cert.get_not_after().get_datetime()
return val_results
if __name__ == '__main__':
get_cert_from = 'imap.gmail.com'
hostname = 'imap.gmail.com'
port = 993
v = Validator()
print v(hostname, get_cert_from, port)
exit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment