Verified Commit 863b4360 authored by Tanner Prestegard's avatar Tanner Prestegard

Generalizing CA path for certificate verification to settings

parent a2e2470d
......@@ -274,6 +274,9 @@ X509_ISSUER_DN_HEADER = 'HTTP_SSL_CLIENT_I_DN'
X509_CERT_HEADER = 'HTTP_X_FORWARDED_TLS_CLIENT_CERT'
X509_INFOS_HEADER = 'HTTP_X_FORWARDED_TLS_CLIENT_CERT_INFOS'
# Path to CA store for X509 certificate verification
CAPATH = '/etc/grid-security/certificates'
# List of authentication backends to use when attempting to authenticate
# a user. Will be used in this order. Authentication for the API is
# handled by the REST_FRAMEWORK dictionary.
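Review bot: The comment above `CAPATH` does not say what layout the directory must have or what placing a certificate there implies. OpenSSL's `capath` lookup expects a hashed directory, and every CA stored in it becomes an acceptable issuer for client certificates, so I would write `# Directory of trusted CA certificates in OpenSSL hashed (c_rehash) layout; every CA here is trusted to issue client certificates`. The neighbouring settings all carry an `X509_` prefix, so `X509_CAPATH` would keep the naming consistent if the rename is acceptable.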
......
......@@ -249,16 +249,14 @@ class GraceDbX509FullCertAuthentication(GraceDbX509Authentication):
return cert_der
def verify_certificate_chain(self, cert_data,
trusted_certs='/etc/grid-security/certificates'):
def verify_certificate_chain(self, cert_data, capath=settings.CAPATH):
# Load certificate data
certificate = OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_ASN1, cert_data)
# Set up context and get certificate store
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
ctx.load_verify_locations(None, capath=trusted_certs)
ctx.load_verify_locations(None, capath=capath)
store = ctx.get_cert_store()
# Verify certificate
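Review bot: The default `capath=settings.CAPATH` in the `verify_certificate_chain` signature is evaluated once, when the class body runs at import time, so a later override of the setting (for example `override_settings` in a test) is not seen by the method. Use `capath=None` in the signature and `capath = capath or settings.CAPATH` as the first line of the body so the value is read on every call. The context is still created with `OpenSSL.SSL.TLSv1_METHOD`; it appears to be used here only to obtain the certificate store, and a short comment saying so would keep readers from taking it as the protocol version in use. The method body continues past the end of the hunk, so the verification step itself is not visible here.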
......