Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL server certificate validation #2

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

SSL server certificate validation #2

wants to merge 4 commits into from

Conversation

asieira
Copy link

@asieira asieira commented Feb 25, 2014

Added code to allow the DNSDB client to:

  • Optionally perform browser-like validation of the SSL certificate presented by a server;
  • Allow optional provision of explicit list of certificates to accept (typically self-signed certificates).

Also updated the configuration file reader to allow for two new variables VERIFY and CA_BUNDLE to use the new functionality.

Was able to implement this with very little code by migrating from urllib2 to requests for HTTP queries.

@asieira
Reimplemented with python-requests
6e73273 
Replaced usage of `urllib2` with `requests`, using explicit option to
disable SSL certificate validation (for now).
@asieira
Certificate validation with pinning
01cabc2 
Implemented two new options on the configuration file:
* `VERIFY`: if true, will make the server certificate be validated as a
browser would. Defaults to no validation for backwards compatibility
with previous version.
* `CA_BUNDLE`: path to file containing additional certificate(s) to
consider valid, such as a self-signed certificate used by your server.
@asieira
Moved verify option to DnsdbClient class
9dc937f 
Following structure of previous code, which allows different
DnsdbClient instances to behave differently if the class is ever used
by more complex code.
@asieira
Fix to handling errors (non-200 status code)
7efd5fa
@hstern hstern self-assigned this Feb 26, 2014
@hstern
Copy link
Contributor

hstern commented Feb 26, 2014

Thank you for your contribution. As this PR introduces a new dependency we will need to consider it carefully before we merge.

@asieira
Copy link
Author

asieira commented Feb 26, 2014

Of course. It's a pleasure to help.

Please let me know if you have any comments on the code since I'm rather new to Python and would love to learn about any mistakes I might have made. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@hstern hstern

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@asieira @hstern