Fix server auth

svn path=/scripts/http-client.py; revision=840

1 files changed, 8 insertions, 14 deletions

diff --git a/scripts/http-client.py b/scripts/http-client.py
index 35091f26..02af3659 100644
--- a/scripts/http-client.py
+++ b/scripts/http-client.py
@@ -15,21 +15,15 @@ f = open("biz-certs/Dave-EE.key", "r")
 privateKey = tlslite.api.parsePEMKey(f.read(), private=True)
 f.close()
 
-# There doesn't seem to be any existing OpenSSL-based python HTTPS
-# client which bothers to check the server's certificate.  tlslite
-# does check, but only when it's using cryptlib...which doesn't
-# compile on FreeBSD this week due to a completely unrelated symbol
-# collision with another FreeBSD package (don't ask).
-#
-# The mechanism that requires cryptlib is the x509TrustList parameter to
-# tlslite.api.HTTPTLSConnection(), which looks just about perfect other
-# than requiring cryptlib.   Not sure how much work it would be to get
-# this to work with M2Crypto (would help if M2Crypto were documented).
-#
-# For the moment, just punt on the issue, as this is test code.  In
-# production this would be a problem.
+x509TrustList = []
+for file in ("biz-certs/Alice-Root.cer", "biz-certs/Bob-Root.cer", "biz-certs/Carol-Root.cer"):
+  f = open(file, "r")
+  x509 = tlslite.api.X509()
+  x509.parse(f.read())
+  f.close()
+  x509TrustList.append(x509)
 
-https = tlslite.api.HTTPTLSConnection(host="localhost", port=8080, certChain=certChain, privateKey=privateKey)
+https = tlslite.api.HTTPTLSConnection(host="localhost", port=4433, certChain=certChain, privateKey=privateKey, x509TrustList=x509TrustList)
 
 https.connect()
 https.request("POST", "/", "This is a test.  This is only a test.  Had this been real you would now be really confused.\n", {"Content-Type":"application/wombat"})