[hcs-d] how to validate ssl certificates correctly with python?

Zak Stone zstone at gmail.com
Sat Jan 28 23:11:21 EST 2012

> Urllib2 is a pretty incomplete and awkward HTTP library.  I would suggest Requests.
> http://docs.python-requests.org/en/latest/index.html

Thanks, Ted! I had checked out Requests, but it looked like it just
backports the match_hostname from Python 3.2, and I wasn't sure that
would check basicConstraints properly in certificate chains:


> A few people are trying to fix this with a "hitchhiker's guide to Python."
> http://docs.python-guide.org/en/latest/index.html

Thanks for sharing this as well; I hope it fills in over time.


> On Jan 28, 2012, at 10:50 PM, Zak Stone wrote:
>> Hello everyone,
>> I would like to allow a Python client to communicate securely via
>> HTTPS with a server I control that has a valid SSL certificate.
>> Unfortunately, it turns out that the relevant standard library
>> functions in Python 2.x do not attempt to validate a server's SSL
>> certificate _at all_, as you can see from the warnings in the
>> documentation below, which means that these functions are vulnerable
>> to man-in-the-middle attacks:
>> http://docs.python.org/library/urllib.html
>> http://docs.python.org/library/urllib2.html
>> The folks at Stack Overflow suggest a variety of work-arounds,
>> including backporting the match_hostname function that was added to
>> the ssl module in Python 3.2:
>> http://stackoverflow.com/questions/1087227/validate-ssl-certificates-with-python
>> More detailed information is available from the fellow who currently
>> maintains M2Crypto:
>> http://www.heikkitoivonen.net/blog/2010/08/23/ssl-in-python-2-7/
>> http://www.heikkitoivonen.net/blog/2008/10/14/ssl-in-python-26/
>> http://chandlerproject.org/Projects/MeTooCrypto
>> However, security is complicated, and I find the history of
>> catastrophic security failures caused by incorrect usage of TLS/SSL
>> sufficiently disturbing to seek expert advice. For example, it appears
>> that iOS allowed transparent man-in-the-middle decryption of encrypted
>> transmissions until last July:
>> http://blog.spiderlabs.com/2011/07/twsl2011-007-ios-ssl-implementation-does-not-validate-certificate-chain.html
>> https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt
>> http://blog.recurity-labs.com/archives/2011/07/26/cve-2011-0228_ios_certificate_chain_validation_issue_in_handling_of_x_509_certificates/
>> http://support.apple.com/kb/HT4824
>> http://support.apple.com/kb/HT4825
>> This particular attack centered around Apple's failure to check the
>> "Basic Constraints" (or basicConstraints) fields in certificate
>> chains. This problem has surfaced before as well -- Moxie Marlinspike
>> seems to have found a similar vulnerability in Internet Explorer in
>> _2002_:
>> http://www.thoughtcrime.org/ie-ssl-chain.txt
>> Unfortunately, it isn't obvious to me whether the use of
>> match_hostname or M2Crypto in Python will prevent this Basic
>> Constraints attack, and it is even more difficult to determine whether
>> the Python approaches to certificate validation referenced above cover
>> other known exploits.
>> Would anyone be so kind as to share the Right Way for a Python client
>> to communicate securely with a server over HTTPS?
>> Many thanks,
>> Zak
>> _______________________________________________
>> hcs-discuss mailing list
>> hcs-discuss at lists.hcs.harvard.edu
>> https://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss

More information about the hcs-discuss mailing list