How to use the nassl.X509_NAME_MISMATCH function in nassl

To help you get started, we’ve selected a few nassl examples, based on popular ways it is used in public projects.


iSECPartners / sslyze / plugins / PluginCertInfo.py
        # First add the leaf certificate
        chainXml.append(self._format_cert_to_xml(x509Chain[0], 'leaf', self._shared_settings['sni']))

        # Then add every other cert in the chain
        for cert in x509Chain[1:]:
            chainXml.append(self._format_cert_to_xml(cert, 'intermediate', self._shared_settings['sni']))

        outputXml.append(chainXml)


        # XML output - trust
        trustXml = Element('certificateValidation')

        # Hostname validation
        hostValBool = 'False' if (x509Cert.matches_hostname(host) == X509_NAME_MISMATCH) \
                              else 'True'
        hostXml = Element('hostnameValidation', serverHostname = host,
                           certificateMatchesServerHostname = hostValBool)
        trustXml.append(hostXml)

        # Path validation - OK
        for (storeName, verifyStr) in verifyDict.iteritems():
            pathXmlAttrib = { 'usingTrustStore' : storeName,
                              'validationResult' : verifyStr}

            # EV certs - Only Mozilla supported for now
            # Compare for equality: "verifyStr in 'ok'" is a substring test and also matches '', 'o' and 'k'
            if (verifyStr == 'ok') and ('Mozilla' in storeName):
                pathXmlAttrib['isExtendedValidationCertificate'] = str(self._is_ev_certificate(x509Cert))

            trustXml.append(Element('pathValidation', attrib = pathXmlAttrib))