Mailman 3 [Twisted-Python] SSL Client Certificate support - Twisted - python.org

newer
[Twisted-Python] twisted in chroot

[Twisted-Python] SSL Client Certificate support

older
Re: [Twisted-Python] IRC client

Martin Waite

31 Dec 2003 31 Dec '03

10:56 a.m.

Hi,

Does twisted support SSL Client certificates ?

I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

regards, Martin

Reply

Show replies by date

Itamar Shtull-Trauring

31 Dec 31 Dec

11:04 a.m.

On Wed, 2003-12-31 at 11:56, Martin Waite wrote:

Does twisted support SSL Client certificates ?

Yep.

I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

class MyClientContextFactory: """A context factory for SSL clients."""

isClient = 1 method = SSL.SSLv3_METHOD

def getContext(self): ctx = SSL.Context(self.method) ctx.use_certificate_file(self.certificateFileName) ctx.use_privatekey_file(self.privateKeyFileName) return ctx

etc.. I suggest reading pyOpenSSL docs for OpenSSL.SSL.Context.

-- Itamar Shtull-Trauring http://itamarst.org Looking for a job: http://itamarst.org/resume.html

Reply

Martin Waite

11:39 a.m.

On Wed, 2003-12-31 at 17:04, Itamar Shtull-Trauring wrote:

On Wed, 2003-12-31 at 11:56, Martin Waite wrote:

...
Does twisted support SSL Client certificates ?

Yep.

...
I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

class MyClientContextFactory: """A context factory for SSL clients."""
isClient = 1
method = SSL.SSLv3_METHOD

def getContext(self):
    ctx = SSL.Context(self.method)
    ctx.use_certificate_file(self.certificateFileName)
    ctx.use_privatekey_file(self.privateKeyFileName)
    return ctx
etc.. I suggest reading pyOpenSSL docs for OpenSSL.SSL.Context.

Many thanks - this all works beautifully.

regards, Martin

Reply

Glyph Lefkowitz

1 Jan 1 Jan

12:23 a.m.

On Dec 31, 2003, at 12:39 PM, Martin Waite wrote:

Many thanks - this all works beautifully.

Easier might be

from twisted.internet.ssl import DefaultOpenSSLContextFactory ctxfac = DefaultOpenSSLContextFactory(privkey, certfile) ctxfac.isClient = True

I would like to discourage the use of context factories outside the default one unless absolutely necessary - the current notion of "context factory" is an ugly hack that requires direct access to the PyOpenSSL libraries. This will be harmful for future compatibility to, say, an upcoming Jython release with Java SSL support rather than OpenSSL.

Changing something with "OpenSSL" in its name to be a Java SSL factory will certainly be an ugly workaround, but _less_ ugly than trying to fake out the actual PyOpenSSL API by stuffing sys.modules.

Reply

7211

Age (days ago)

7212

Last active (days ago)

Download

3 comments

3 participants

tags (0)

participants (3)

Glyph Lefkowitz
Itamar Shtull-Trauring
Martin Waite