#
#   SSL test
#
#   John Nagle
#   February, 2015
#
#   This fails for "verisign.com", even though "verisign.com" has a valid cert in the file.
#
try :
    import httplib
except ImportError :
    import http.client as httplib
    
import socket
import ssl

#
#   dumpcertstore  -- dump all loaded certs
#
def dumpcertstore(context) :
    print("Certificates currently loaded:")
    for cert in context.get_ca_certs():
        print("Cert: %s" % (repr(cert),))               # dump dictionary
        print("")
#
#   testurlopen -- try to open a URL 
#
def testurlopen(host, certfile) :
    port = httplib.HTTPS_PORT                           # HTTPS for SSL
    sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    context = ssl.create_default_context(cafile=certfile)
    sock = context.wrap_socket(sk, server_hostname=host)             # wrap socket with SSL
    ##sock = ssl.wrap_socket(sk, ca_certs=certfile, cert_reqs=ssl.CERT_REQUIRED)
    try: 
        sock.connect((host,port))                       # connect.
    except EnvironmentError as message :
        print("Connection to \"%s\" failed: %s." % (host, message))
        ##dumpcertstore(context)
        return False
    print("Connection to \"%s\" succeeded." % (host,))
    cert = sock.getpeercert()                           # get cert from other end, as dict.
    print("Cert information: %s" % (repr(cert),))           # dump cert
    return True

#
#   Test program
#
CERTFILE='cacert.pem'                                   # Trusted SSL certificate authorities from Mozilla
TESTDOMAINS= ["verisign.com", "www.verisign.com", "python.org", "google.com"]   # all have good SSL certs
  
def runtest() :
    print("SSL test, with OpenSSL version %s." % (ssl.OPENSSL_VERSION,))
    for host in TESTDOMAINS :
        testurlopen(host, CERTFILE)
        print("")
        
runtest()