[Twisted-Python] SSL Client Certificate support
Hi,

Does twisted support SSL Client certificates?

I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

regards,
Martin
On Wed, 2003-12-31 at 11:56, Martin Waite wrote:
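> Does twisted support SSL Client certificates?

Yep.

> I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

```python
from OpenSSL import SSL


class MyClientContextFactory:
    """A context factory for SSL clients."""
    isClient = 1
    method = SSL.SSLv3_METHOD

    def __init__(self, certificateFileName, privateKeyFileName):
        # PEM files holding the client certificate and its private key
        self.certificateFileName = certificateFileName
        self.privateKeyFileName = privateKeyFileName

    def getContext(self):
        ctx = SSL.Context(self.method)
        # Certificate presented to the server, and the key that goes with it
        ctx.use_certificate_file(self.certificateFileName)
        ctx.use_privatekey_file(self.privateKeyFileName)
        return ctx
```

etc..

I suggest reading pyOpenSSL docs for OpenSSL.SSL.Context.

--
Itamar Shtull-Trauring http://itamarst.org
Looking for a job: http://itamarst.org/resume.html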
On Dec 31, 2003, at 12:39 PM, Martin Waite wrote:
> Many thanks - this all works beautifully.

Easier might be

```python
from twisted.internet.ssl import DefaultOpenSSLContextFactory

ctxfac = DefaultOpenSSLContextFactory(privkey, certfile)
ctxfac.isClient = True
```

I would like to discourage the use of context factories outside the default one unless absolutely necessary - the current notion of "context factory" is an ugly hack that requires direct access to the PyOpenSSL libraries. This will be harmful for future compatibility with, say, an upcoming Jython release with Java SSL support rather than OpenSSL.

Changing something with "OpenSSL" in its name to be a Java SSL factory will certainly be an ugly workaround, but _less_ ugly than trying to fake out the actual PyOpenSSL API by stuffing sys.modules.
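An added example, not code from any of the posters or from Twisted: a variant of the `getContext()` pattern shown in the thread that also checks the key against the certificate and verifies the server's chain. The names `ClientCertContextFactory`, `throwaway_identity` and `build_context` are hypothetical, the self-signed certificate is constructed test material, and the version-flexible `SSLv23_METHOD` with old protocol versions switched off is used in place of `SSLv3_METHOD`.

```python
import datetime
import os
import tempfile
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID
from OpenSSL import SSL

class ClientCertContextFactory:
    """Client context factory: presents a certificate and verifies the server chain."""
    isClient = 1

    def __init__(self, cert_file, key_file, ca_file):
        self.cert_file, self.key_file, self.ca_file = cert_file, key_file, ca_file

    def getContext(self):
        ctx = SSL.Context(SSL.SSLv23_METHOD)  # negotiates the version; floor set below
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1)
        ctx.use_certificate_file(self.cert_file)
        ctx.use_privatekey_file(self.key_file)
        ctx.check_privatekey()  # a mismatched pair raises SSL.Error here, before any handshake
        ctx.load_verify_locations(self.ca_file)
        # Chain verification only; this callback does not compare the server's hostname.
        ctx.set_verify(SSL.VERIFY_PEER, lambda conn, cert, errnum, depth, ok: bool(ok))
        return ctx

def throwaway_identity(common_name):
    """Constructed test material: self-signed P-256 certificate and key, valid one day."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    pem, fmt = serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8
    key_pem = key.private_bytes(pem, fmt, serialization.NoEncryption())
    return cert.public_bytes(pem), key_pem

def build_context(cert_pem, key_pem, ca_pem):
    """Write the PEMs to a temporary directory and build the context from those files."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, n) for n in ("cert.pem", "key.pem", "ca.pem")]
        for path, data in zip(paths, (cert_pem, key_pem, ca_pem)):
            with open(path, "wb") as fh:
                fh.write(data)
        return ClientCertContextFactory(*paths).getContext()
```

Hostname checking is outside what this context does; in current Twisted, `twisted.internet.ssl.optionsForClientTLS(hostname, trustRoot=..., clientCertificate=...)` covers the client certificate and hostname verification together.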
participants (3)
- Glyph Lefkowitz
- Itamar Shtull-Trauring
- Martin Waite