[Twisted-Python] https server example with client certs for twisted
Hi,

I'd like to implement a small https twisted server, which can wrap a wsgi module and which can verify client certificates.

I am able to do this with apache, but would like to do the same with twisted.

What I have running is the following.

The

    #!/bin/sh
    certfile=mycert.crt
    keyfile=mycert.key
    wsgi_module=tw_wrapper.application
    twistd -n web --https 4433 \
        --certificate $certfile --privkey $keyfile \
        --wsgi $wsgi_module

I wondered where I could find any good example code implementing a web server with client certificate authentication (and ideally with a subsequent wsgi module).

TIA

On 11 Jul, 07:02 pm, gelonida@gmail.com wrote:
> Hi,
> I'd like to implement a small https twisted server,
> which can wrap a wsgi module and which can verify client certificates.
> I am able to do this with apache, but would like to do the same with twisted.
> What I have running is the following.
> The
>
>     #!/bin/sh
>     certfile=mycert.crt
>     keyfile=mycert.key
>     wsgi_module=tw_wrapper.application
>     twistd -n web --https 4433 \
>         --certificate $certfile --privkey $keyfile \
>         --wsgi $wsgi_module
>
> I wondered where I could find any good example code implementing a web server with client certificate authentication (and ideally with a subsequent wsgi module).

Twisted uses pyOpenSSL to support HTTPS. You can read a bit about the basic SSL customization APIs in Twisted here:

http://twistedmatrix.com/documents/current/core/howto/ssl.html

And you can read more about the underlying pyOpenSSL APIs here:

http://packages.python.org/pyOpenSSL/

In particular, you're probably interested in customizing a Context instance:

http://packages.python.org/pyOpenSSL/openssl-context.html

So that it requires and validates a peer certificate.

Unfortunately, we haven't yet made this level of customization available directly from the "twistd" command line, so you'll have to switch from using the "twistd web" command to something like a tac file:

http://twistedmatrix.com/documents/current/core/howto/application.html

You'll be able to set up the same kind of web server created by "twistd web", but you'll have to invoke some of the service APIs, such as SSLServer. You can find an example of this sort of thing midway through the finger tutorial:

http://twistedmatrix.com/documents/current/core/howto/tutorial/factory.html#...

Jean-Paul
participants (2): exarkun@twistedmatrix.com, Gelonida