[ooni-dev] Testing HTTPS URLs and certificate chain
aagbsn at extc.org
Sun Jun 28 14:38:15 UTC 2015
On 2015-06-22 17:45, meejah wrote:
> David Fifield <david at bamsoftware.com> writes:
>> I'm less sure about how to get the certificate chain. I did some
>> searching and didn't find a way to get the certificate chain from the
>> twisted.web.client.Agent that templates/httpt.py uses (maybe you
>> it a twisted.internet.ssl.ContextFactory somehow?).
The openssl python bindings are garbage and broken. Here is how I did
> There's probably a better way, but there is some code in "carml" which
> does verification of certificate-chains and might give you some hints:
> (As the FIXME above this says, I believe Twisted >= 14 can do that too
> out of the box). With the above, extracting the chain would involve
> registering an OpenSSL callback and recording the cert for each depth
> perhaps there is an easier way in newer Twisted releases.
Would really hope so, but think it's an OpenSSL thing. Also note that
settings the cipher suites doesn't seem to really do anything either...
:( :( :(
More information about the ooni-dev