[Twisted-Python] Creating a PKCS#11 Enabled SSL Proxy

I am in need of an SSL web proxy that can read a certificate off of a PKCS#11 device and then do client authentication using that certificate. I thought that Twisted would be a great way to do this. I was wondering if anyone on this list has put anything like that together before. I have seen the tutorials and walkthroughs that outline the steps to create an HTTP proxy using Twisted, but not much about HTTPS and nothing about using a wrapper like pkcs11 or PyKCS11. I appreciate any direction that anyone can give.

On 02:13 am, athornton1974@gmail.com wrote:
Twisted currently provides SSL support exclusively based on the features of OpenSSL (via pyOpenSSL). So, if pyOpenSSL supports something, then you can probably do it with Twisted. pyOpenSSL doesn't currently support PKCS11, and it appears that OpenSSL itself needs to be patched and built specially to support it. So, with some effort you may be able to create something that satisfies your requirements, but there doesn't appear to be a working solution out of the box. This is just my assessment based on some familiarity with SSL and some searching around this morning; I've never tried to use PKCS11 myself.

Jean-Paul
