[ooni-dev] Testing HTTPS URLs and certificate chain
meejah
meejah at meejah.ca
Mon Jun 22 17:45:16 UTC 2015
David Fifield <david at bamsoftware.com> writes:
> I'm less sure about how to get the certificate chain. I did some
> searching and didn't find a way to get the certificate chain from the
> twisted.web.client.Agent that templates/httpt.py uses (maybe you provide
> it a twisted.internet.ssl.ContextFactory somehow?).
There's probably a better way, but there is some code in "carml" which
does verification of certificate-chains and might give you some hints:
https://github.com/meejah/carml/blob/master/carml/command/downloadbundle.py#L59
(As the FIXME above this says, I believe Twisted >= 14 can do that too
out of the box). With the above, extracting the chain would involve
registering an OpenSSL callback and recording the cert for each depth --
perhaps there is an easier way in newer Twisted releases.
HTH,
--
meejah
More information about the ooni-dev
mailing list