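# Fragment of a larger method: appends the certificate chain to the XML report,
# then builds the <certificateValidation> element (hostname + path validation).
# x509Chain, x509Cert, host, verifyDict, chainXml and outputXml are not defined
# here; they come from the part of the method that is not shown.
sni = self._shared_settings['sni']

# First add the leaf certificate
chainXml.append(self._format_cert_to_xml(x509Chain[0], 'leaf', sni))

# Then add every other cert in the chain
for cert in x509Chain[1:]:
    chainXml.append(self._format_cert_to_xml(cert, 'intermediate', sni))
outputXml.append(chainXml)

# XML output - trust
trustXml = Element('certificateValidation')

# Hostname validation
# NOTE(review): only an explicit X509_NAME_MISMATCH is reported as 'False';
# every other return value is reported as a match. Confirm that
# matches_hostname() cannot return an error/unknown value, otherwise a failed
# check would be shown as a successful hostname match.
hostnameMismatch = x509Cert.matches_hostname(host) == X509_NAME_MISMATCH
hostValBool = 'False' if hostnameMismatch else 'True'
hostXml = Element('hostnameValidation', serverHostname=host,
                  certificateMatchesServerHostname=hostValBool)
trustXml.append(hostXml)

# Path validation - one <pathValidation> element per trust store
for (storeName, verifyStr) in verifyDict.iteritems():
    pathXmlAttrib = {'usingTrustStore': storeName,
                     'validationResult': verifyStr}

    # EV certs - Only Mozilla supported for now.
    # Compare with ==, not `in`: `verifyStr in 'ok'` is a substring test and is
    # also true for '', 'o' and 'k', which would attach the EV attribute to a
    # path whose validation result is not actually 'ok'.
    if verifyStr == 'ok' and 'Mozilla' in storeName:
        pathXmlAttrib['isExtendedValidationCertificate'] = str(self._is_ev_certificate(x509Cert))

    trustXml.append(Element('pathValidation', attrib=pathXmlAttrib))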