Turn SSLchecking off in M2Crypto in Python
Is there a way to turn off SSL checking so that WrongHost Exceptions are not generated when using SOAPpy in 开发者_运维技巧python.
You can disable all peer certificate checks in M2Crypto like that:
from M2Crypto import SSL, httpslib
context = SSL.Context("sslv3")
# Disable certificate checking
context.set_verify(0, depth = 0)
connection = httpslib.HTTPSConnection("somehostname", 443, ssl_context=context)
# Hack (!!!) for disabling host name check <CN> == <expected host name>.
# Will affect any future SSL connections made by M2Crypto!
SSL.Connection.postConnectionCheck = None
connection.connect() # <-- this would normally raise SSL verification errors
connection.request("GET", "/")
...
I hope you're aware that this will essentially disable security for any SSL connection created with M2Crypto. So this isn't recommendable at all, except if you're only communicating with one server and think that the man-in-the-middle risk is more acceptable than having unencrypted HTTP.
So far for the M2Crypto solution, but as your question (as opposed to your title) asks for SOAPpy (which I haven't used yet), the solution might be different because the SOAPpy config seems to use the socket
module instead of M2Crypto.SSL
(see line 132). I don't know how to prevent the socket.ssl
module to check host names.
Expanding on AndiDog's answer, you can set postConnectionCheck on a instance-by-instance basis and in version 0.21.1 (at least) of M2Crypto, there is the Connect.set_post_connection_check_callback()
method to do so:
sslsock = M2Crypto.SSL.Connection(sslcontext)
# Disable checking of server certificates
sslsock.set_post_connection_check_callback(None)
Note that disables both checking of connected to servers and accepted clients (the latter is disabled by default).
The parameter, if not None, is a function that takes a certificate and address, i.e.:
check(self.get_peer_cert(), self.addr[0])
For reference, see the M2Crypto source.
精彩评论