[Twisted-Python] where to getPeerCertificate()
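I'd like to check the CN of incoming certs for a xmlrpc server. I can't seen to find where to get the clients cert information. In the protocol.Protocol (in my case the http.HTTPCHannel) in the connectionMade() i put in a print self.transport.getPeerCertificate() but it returns a None. print self.transport.socket.get_peer_certificate() Does the same. I'm sure the client is connecting with a cert because its verifying it fine. I also have no idea where to check on client program to get the cert info of the server I'm connecting to. Eli Criffield --example--
#!/usr/bin/env python
from twisted.web import xmlrpc, server, http, resource
from twisted.internet import reactor, ssl
from twisted.python.log import startLogging
from sys import stdout
import OpenSSL


class Example(xmlrpc.XMLRPC):
    """An example object to be published."""

    def xmlrpc_add(self, a, b):
        """Return sum of arguments."""
        return a + b


class myHTTPChannel(http.HTTPChannel):
    """HTTPChannel that reports the TLS peer certificate once it exists.

    connectionMade() runs when the TCP connection is accepted, i.e. before
    the TLS handshake, so the peer certificate is not available there.
    Application data can only be decrypted after the handshake has finished
    (and, with verify/requireCertificate set, after the client certificate
    has been verified), so the first dataReceived() call is the earliest
    point at which getPeerCertificate() returns the client's certificate.
    """

    # Set on the instance once the peer certificate has been reported, so
    # it is printed only once per connection.
    _peerCertReported = False

    def connectionMade(self):
        # No TLS handshake has happened yet: getPeerCertificate() would
        # return None here.  Only log the peer address and arm the timeout.
        print "connection from %s"%(self.transport.getHost().host,)
        self.setTimeout(self.timeOut)

    def dataReceived(self, data):
        # First application data => handshake complete => certificate
        # available.  The CN is read from the returned certificate object;
        # the exact accessor depends on the Twisted/pyOpenSSL version in
        # use -- TODO confirm against the installed API.
        if not self._peerCertReported:
            self._peerCertReported = True
            print self.transport.getPeerCertificate()
        http.HTTPChannel.dataReceived(self, data)


class mySite(server.Site):
    protocol = myHTTPChannel


def _readPEM(path):
    """Return the contents of the PEM file at ``path``, closing it on error too."""
    fd = open(path, 'r')
    try:
        return fd.read()
    finally:
        fd.close()


def makeSSLContext(myKey,trustedCA):
    '''Returns an ssl Context Object

    @param myKey a pem formated key and certifcate with for my current host
        the other end of this connection must have the cert from the CA
        that signed this key
    @param trustedCA a pem formated certificat from a CA you trust
        you will only allow connections from clients signed by this CA
        and you will only allow connections to a server signed by this CA
    '''
    theCert = ssl.PrivateCertificate.loadPEM(_readPEM(myKey))
    theCA = ssl.Certificate.loadPEM(_readPEM(trustedCA))
    ctx = theCert.options(theCA)

    # The SSL protocol to use, one of SSLv23_METHOD, SSLv2_METHOD,
    # SSLv3_METHOD, TLSv1_METHOD. Defaults to TLSv1_METHOD.
    # NOTE(review): SSLv2/SSLv3/TLS 1.0 are deprecated; prefer the newest
    # TLS method constant the installed pyOpenSSL provides.
    ctx.method = ssl.SSL.TLSv1_METHOD

    # If True, verify certificates received from the peer and fail
    # the handshake if verification fails. Otherwise, allow anonymous
    # sessions and sessions with certificates which fail validation.
    ctx.verify = True

    # Depth in certificate chain down to which to verify.
    ctx.verifyDepth = 1

    # If True, do not allow anonymous sessions.  The attribute is
    # ``requireCertificate``; the misspelling ``requireCertification``
    # used previously was silently ignored and set nothing.
    ctx.requireCertificate = True

    # If True, do not re-verify the certificate on session resumption.
    ctx.verifyOnce = True

    # If True, generate a new key whenever ephemeral DH parameters are used
    # to prevent small subgroup attacks.
    ctx.enableSingleUseKeys = True

    # If True, set a session ID on each context. This allows a shortened
    # handshake to be used when a known client reconnects.
    ctx.enableSessions = True

    # If True, enable various non-spec protocol fixes for broken
    # SSL implementations.
    ctx.fixBrokenPeers = False

    return ctx


if __name__ == '__main__':
    r = Example()
    ctx = makeSSLContext('server.pem','cacert.pem')
    reactor.listenSSL(7080,mySite(r),ctx)
    startLogging(stdout)
    reactor.run()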