* Fix to ServerSSLCertVerification so that it can pass a function-based callback instead of using __call__. In newer versions of OpenSSL the later failed because of a request for __name__ attribute. Instances don't have this but functions do.

 * Fixed imissing bracket typo in subj_alt_name causing syntax error.

Author: pjkersha

ndg/httpsclient/ssl_context_util.py

@@ -36,7 +36,7 @@ def make_ssl_context_from_config(ssl_config=False, url=None):
 
 
 def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
-                     verify_peer=False, url=None, method=SSL.SSLv23_METHOD,
+                     verify_peer=False, url=None, method=SSL.TLSv1_METHOD,
                      key_file_passphrase=None):
     """
     Creates SSL context containing certificate and key file locations.
@@ -87,5 +87,7 @@ def set_peer_verification_for_url_hostname(ssl_context, url,
     if not if_verify_enabled or (ssl_context.get_verify_mode() & SSL.VERIFY_PEER):
         urlObj = urlparse.urlparse(url)
         hostname = urlObj.hostname
-        verify_callback = ServerSSLCertVerification(hostname=hostname)
-        ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback)
+        server_ssl_cert_verif = ServerSSLCertVerification(hostname=hostname)
+        verify_callback_ = server_ssl_cert_verif.get_verify_server_cert_func()
+        ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback_)
+

ndg/httpsclient/ssl_peer_verification.py

@@ -155,6 +155,14 @@ def __call__(self, connection, peerCert, errorStatus, errorDepth,
         else:
             return preverifyOK
 
+    def get_verify_server_cert_func(self):
+         def verify_server_cert(connection, peerCert, errorStatus, errorDepth,
+                 preverifyOK):
+              return self.__call__(connection, peerCert, errorStatus,
+                                   errorDepth, preverifyOK)
+
+         return verify_server_cert
+
     @classmethod
     def _get_subj_alt_name(cls, peer_cert):
         '''Extract subjectAltName DNS name settings from certificate extensions

ndg/httpsclient/subj_alt_name.py

@@ -104,7 +104,7 @@ class AnotherName(univ.Sequence):
         namedtype.NamedType('type-id', univ.ObjectIdentifier()),
         namedtype.NamedType('value', univ.Any().subtype(
                             explicitTag=tag.Tag(tag.tagClassContext,
-                                                tag.tagFormatSimple, 0))
+                                                tag.tagFormatSimple, 0)))
         )