Mailman 3 [Twisted-Python] SSL Client Certificate support - Twisted - python.org

newer
[Twisted-Python] twisted in chroot

[Twisted-Python] SSL Client Certificate support

older
Re: [Twisted-Python] IRC client

Martin Waite

31 Dec 2003 31 Dec '03

10:26 p.m.

Hi, Does twisted support SSL Client certificates ? I can't see anywhere to plug the certificate into in the SSL ClientContextFactory. regards, Martin

Reply

Sign in to reply online Use email software

Show replies by date

Itamar Shtull-Trauring

31 Dec 31 Dec

10:34 p.m.

On Wed, 2003-12-31 at 11:56, Martin Waite wrote:

Does twisted support SSL Client certificates ?

Yep.

I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

class MyClientContextFactory: """A context factory for SSL clients.""" isClient = 1 method = SSL.SSLv3_METHOD def getContext(self): ctx = SSL.Context(self.method) ctx.use_certificate_file(self.certificateFileName) ctx.use_privatekey_file(self.privateKeyFileName) return ctx etc.. I suggest reading pyOpenSSL docs for OpenSSL.SSL.Context. -- Itamar Shtull-Trauring http://itamarst.org Looking for a job: http://itamarst.org/resume.html

Reply

Sign in to reply online Use email software

Martin Waite

11:09 p.m.

On Wed, 2003-12-31 at 17:04, Itamar Shtull-Trauring wrote:

On Wed, 2003-12-31 at 11:56, Martin Waite wrote:

...
Does twisted support SSL Client certificates ?

Yep.

...
I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

class MyClientContextFactory: """A context factory for SSL clients."""

isClient = 1 method = SSL.SSLv3_METHOD

def getContext(self): ctx = SSL.Context(self.method) ctx.use_certificate_file(self.certificateFileName) ctx.use_privatekey_file(self.privateKeyFileName) return ctx

etc.. I suggest reading pyOpenSSL docs for OpenSSL.SSL.Context.

Many thanks - this all works beautifully. regards, Martin

Reply

Sign in to reply online Use email software

Glyph Lefkowitz

1 Jan 1 Jan

11:53 a.m.

On Dec 31, 2003, at 12:39 PM, Martin Waite wrote:

Many thanks - this all works beautifully.

Easier might be from twisted.internet.ssl import DefaultOpenSSLContextFactory ctxfac = DefaultOpenSSLContextFactory(privkey, certfile) ctxfac.isClient = True I would like to discourage the use of context factories outside the default one unless absolutely necessary - the current notion of "context factory" is an ugly hack that requires direct access to the PyOpenSSL libraries. This will be harmful for future compatibility to, say, an upcoming Jython release with Java SSL support rather than OpenSSL. Changing something with "OpenSSL" in its name to be a Java SSL factory will certainly be an ugly workaround, but _less_ ugly than trying to fake out the actual PyOpenSSL API by stuffing sys.modules.

Reply

Sign in to reply online Use email software

7415

Age (days ago)

7416

Last active (days ago)

Download

3 comments

3 participants

tags

participants (3)

Glyph Lefkowitz
Itamar Shtull-Trauring
Martin Waite