from OpenSSL import SSL

# Verify callback: pyOpenSSL calls it once for every certificate in the peer's
# chain; `depth` is the position in that chain (0 = the peer's own certificate).
# The name must match the one passed to set_verify() below.
def verify_cb(conn, cert, errnum, depth, ok):
    print('Got cert', cert.get_subject())
    return ok

Server:
# SSL.Context (capital C); TLSv1_METHOD pins the connection to TLS 1.0
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
ctx.use_privatekey_file('server.key')      # pyOpenSSL spells it use_privatekey_file
ctx.use_certificate_file('server.crt')
ctx.load_verify_locations('ca.crt')
Client:
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
ctx.use_privatekey_file('client.key')
ctx.use_certificate_file('client.crt')
ctx.load_verify_locations('ca.crt')
How is it that on both the client and the server side I get two certificates: one with no CommonName and one with the correct CommonName (myownserver.com / myownclient.com)?
All the aforementioned files have just one key/certificate. Also, I am guessing that the first printed certificate is the ca.crt because it is the only certificate without any CommonName. But why would that happen?
This depends on the depth that has been set for verification. From the man pages:

    the maximum depth for the certificate chain verification that shall be allowed for the current context.

Also, depth's default value is 9.
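The two callback invocations the question describes, reproduced end to end as an added example (this is not code from the question or the answer). It assumes pyOpenSSL 21 or newer (for SSL.TLS_METHOD) together with its dependency cryptography, which is used only to mint a throwaway CA whose subject has an O but no CN, plus a server and a client certificate; the file names and CommonNames mirror the question. The handshake is driven over memory BIOs, so nothing is needed beyond a temporary directory.

```python
"""Added example: trace the pyOpenSSL verify callback across a mutual-TLS handshake."""
import datetime
import os
import tempfile

from OpenSSL import SSL
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def _cert(subject, issuer, issuer_key, pubkey, is_ca):
    """Mint a v3 certificate. BasicConstraints is what lets OpenSSL accept
    the issuer (depth > 0) as a CA when it walks the chain."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(pubkey)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def write_pki(directory):
    """Constructed throwaway PKI (assumption, not the asker's real files):
    ca.crt carries only an O, so its subject has no CN at all."""
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_name = x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example Test CA")])
    ca_cert = _cert(ca_name, ca_name, ca_key, ca_key.public_key(), True)
    files = {"ca.crt": ca_cert.public_bytes(serialization.Encoding.PEM)}
    for stem, cn in (("server", "myownserver.com"), ("client", "myownclient.com")):
        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
        cert = _cert(name, ca_name, ca_key, key.public_key(), False)
        files[stem + ".key"] = key.private_bytes(
            serialization.Encoding.PEM,
            serialization.PrivateFormat.TraditionalOpenSSL,
            serialization.NoEncryption(),
        )
        files[stem + ".crt"] = cert.public_bytes(serialization.Encoding.PEM)
    for name, data in files.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)


def make_context(directory, stem, events):
    """Same three file calls as in the question, plus a callback that records
    (depth, ok, CN) for every certificate OpenSSL hands it."""
    def verify_cb(conn, cert, errnum, depth, ok):
        events.append((depth, bool(ok), cert.get_subject().CN))
        return bool(ok)

    ctx = SSL.Context(SSL.TLS_METHOD)
    mode = SSL.VERIFY_PEER
    if stem == "server":
        # With VERIFY_PEER alone a client that sends no certificate still passes.
        mode |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
    ctx.set_verify(mode, verify_cb)
    ctx.use_privatekey_file(os.path.join(directory, stem + ".key"))
    ctx.use_certificate_file(os.path.join(directory, stem + ".crt"))
    ctx.load_verify_locations(os.path.join(directory, "ca.crt"))
    return ctx


def handshake_in_memory(client, server):
    """Drive both sides over memory BIOs; returns True once both complete."""
    client.set_connect_state()
    server.set_accept_state()
    done = [False, False]
    for _ in range(10):
        for idx, (conn, peer) in enumerate(((client, server), (server, client))):
            if not done[idx]:
                try:
                    conn.do_handshake()
                    done[idx] = True
                except SSL.WantReadError:
                    pass
            while True:  # shuttle whatever this side produced to the other side
                try:
                    chunk = conn.bio_read(65536)
                except SSL.WantReadError:
                    break
                peer.bio_write(chunk)
        if all(done):
            return True
    raise RuntimeError("handshake did not complete")


def run():
    """Returns (client_trace, server_trace): the callback events each side saw."""
    client_events, server_events = [], []
    with tempfile.TemporaryDirectory() as directory:
        write_pki(directory)
        client = SSL.Connection(make_context(directory, "client", client_events), None)
        server = SSL.Connection(make_context(directory, "server", server_events), None)
        handshake_in_memory(client, server)
    return client_events, server_events


if __name__ == "__main__":
    for side, trace in zip(("client", "server"), run()):
        for depth, ok, cn in trace:
            print(f"{side}: depth={depth} ok={ok} CN={cn}")
```

Each side's callback fires once per certificate OpenSSL walks, starting at the top of the chain: depth 1 is the issuer it found in ca.crt (CN is None because that subject only has an O), depth 0 is the peer's own certificate with the expected CN. The server context additionally sets VERIFY_FAIL_IF_NO_PEER_CERT; the question's server uses VERIFY_PEER alone, which requests a client certificate but does not fail the handshake when none is sent.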