Add ability to provide a stack of untrusted certificates to aid verification
tomato42 opened this issue · 0 comments
Hi, I'm trying to (ab)use your module to do verification of a certificate that needs additional certificates in the chain. For that, I've wrapped around your module, adding a new validate_certificate function (note the new chain variable):
    # Imports assumed from the m2ext/M2Crypto layout (not shown in the original snippet)
    from M2Crypto import SSL, X509
    from m2ext import _m2ext

    class Context(SSL.Context):
        def validate_certificate(self, cert, chain=None):
            """
            Validate a certificate using this SSL Context.

            chain is an optional X509.X509_Stack of untrusted certificates
            (e.g. intermediates) used only to build a path to a trusted root.
            """
            store_ctx = X509.X509_Store_Context(_m2ext.x509_store_ctx_new(), _pyfree=1)
            # Trusted certs come from the context's store; the chain is passed
            # as the untrusted stack (None when no extra certs are supplied).
            _m2ext.x509_store_ctx_init(store_ctx.ctx,
                                       self.get_cert_store().store,
                                       cert.x509,
                                       chain.stack if chain is not None else None)
            rc = _m2ext.x509_verify_cert(store_ctx.ctx)
            if rc < 0:
                raise SSL.SSLError("Empty context")
            return rc != 0
The problem is that when I pass the M2Crypto X509.X509_Stack object in as the chain, I'm getting a TypeError:
    TypeError: in method 'x509_store_ctx_init', argument 4 of type 'STACK *'
I'm guessing it's because of your SWIG contract (dunno if that's what they are called :) ) which first defines it as STACK *, but I'm able to pass only a STACK_OF(X509).
I've made a branch which changes the STACK to STACK_OF(X509) that seems to be working correctly:
https://github.com/tomato42/m2ext/tree/extended_ctx_init
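The distinction the issue turns on, trusted certificates in the X509 store versus an untrusted stack that is only used to build the path, is the same one exposed by the openssl command line. The script below is an added example and is not code from the issue or from the m2ext project; it builds a constructed root/intermediate/leaf PKI in a temporary directory (all names and file names are placeholders) and then verifies the leaf once with the intermediate supplied as untrusted chain material and once without it.

```shell
#!/bin/sh
# Added example (not from the m2ext issue or project): demonstrates the OpenSSL
# semantics the validate_certificate wrapper relies on. Certificates in the
# store (-CAfile) are trust anchors; certificates supplied as the "chain"
# (-untrusted) are only used to build a path from the leaf up to an anchor.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Build a constructed three-tier demo PKI: root -> intermediate -> leaf.
# Subject names and file names are placeholders chosen for this example.
build_demo_pki() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext

    # Self-signed root: the only certificate we will trust explicitly.
    openssl ecparam -genkey -name prime256v1 -noout -out root.key
    openssl req -new -key root.key -subj '/CN=Demo Root CA' -out root.csr
    openssl x509 -req -in root.csr -signkey root.key -days 2 -extfile ca.ext -out root.pem

    # Intermediate CA signed by the root.
    openssl ecparam -genkey -name prime256v1 -noout -out inter.key
    openssl req -new -key inter.key -subj '/CN=Demo Intermediate CA' -out inter.csr
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 2 -extfile ca.ext -out inter.pem

    # End-entity leaf signed by the intermediate.
    openssl ecparam -genkey -name prime256v1 -noout -out leaf.key
    openssl req -new -key leaf.key -subj '/CN=leaf.example.test' -out leaf.csr
    openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
        -days 2 -extfile leaf.ext -out leaf.pem
} >/dev/null 2>&1

# Succeeds: the intermediate is supplied as untrusted chain material and the
# root is the trusted anchor, so a complete path leaf -> inter -> root exists.
verify_with_untrusted_chain() {
    openssl verify -CAfile root.pem -untrusted inter.pem leaf.pem >/dev/null 2>&1
}

# Fails: without chain material the verifier cannot find the leaf's issuer
# (the intermediate), which is exactly the situation the wrapper addresses.
verify_without_chain() {
    openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1
}

build_demo_pki
if verify_with_untrusted_chain; then
    echo "leaf with -untrusted intermediate: verified"
else
    echo "leaf with -untrusted intermediate: FAILED"
fi
if verify_without_chain; then
    echo "leaf without chain: verified"
else
    echo "leaf without chain: failed (expected: issuer unknown)"
fi
```

Note that the intermediate handed over with -untrusted is never itself treated as a trust anchor: it only lets the verifier walk from the leaf up to the root in -CAfile, which is the same split between the store and the STACK_OF(X509) argument of x509_store_ctx_init.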