startTLS: client-side verification of the certifi bundle

2019-02-11 16:37:30 +01:00 · 2019-02-11 16:37:30 +01:00 · 23f4d686f2
commit 23f4d686f2
parent 24cb681acd
1 changed files with 5 additions and 1 deletions
--- a/syncplay/client.py
+++ b/syncplay/client.py
@ -19,7 +19,7 @@ from twisted.application.internet import ClientService

 try:
    import certifi
-    from twisted.internet.ssl import optionsForClientTLS
+    from twisted.internet.ssl import Certificate, optionsForClientTLS
    os.environ['SSL_CERT_FILE'] = certifi.where()
 except:
    pass
@ -715,9 +715,13 @@ class SyncplayClient(object):
        port = int(port)
        self._endpoint = HostnameEndpoint(reactor, host, port)
        try:
+            caCertFP = open(certifi.where())
+            caCertTwisted = Certificate.loadPEM(caCertFP.read())
+            caCertFP.close()
            self.protocolFactory.options = optionsForClientTLS(hostname=host)
            self._clientSupportsTLS = True
        except Exception as e:
+            self.ui.showDebugMessage(str(e))
            self.protocolFactory.options = None
            self._clientSupportsTLS = False