[Twisted-Python] SSL Client Certificate support
Hi,

Does twisted support SSL Client certificates?

I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

regards,
Martin
On Wed, 2003-12-31 at 11:56, Martin Waite wrote:
> Does twisted support SSL Client certificates?

Yep.

> I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.

class MyClientContextFactory:
    """A context factory for SSL clients."""

    isClient = 1
    method = SSL.SSLv3_METHOD

    def getContext(self):
        ctx = SSL.Context(self.method)
        ctx.use_certificate_file(self.certificateFileName)
        ctx.use_privatekey_file(self.privateKeyFileName)
        return ctx

etc.. I suggest reading pyOpenSSL docs for OpenSSL.SSL.Context.

--
Itamar Shtull-Trauring http://itamarst.org
Looking for a job: http://itamarst.org/resume.html
On Wed, 2003-12-31 at 17:04, Itamar Shtull-Trauring wrote:
> On Wed, 2003-12-31 at 11:56, Martin Waite wrote:
> > Does twisted support SSL Client certificates?
>
> Yep.
>
> > I can't see anywhere to plug the certificate into in the SSL ClientContextFactory.
>
> class MyClientContextFactory:
>     """A context factory for SSL clients."""
>
>     isClient = 1
>     method = SSL.SSLv3_METHOD
>
>     def getContext(self):
>         ctx = SSL.Context(self.method)
>         ctx.use_certificate_file(self.certificateFileName)
>         ctx.use_privatekey_file(self.privateKeyFileName)
>         return ctx
>
> etc.. I suggest reading pyOpenSSL docs for OpenSSL.SSL.Context.

Many thanks - this all works beautifully.

regards,
Martin
On Dec 31, 2003, at 12:39 PM, Martin Waite wrote:
> Many thanks - this all works beautifully.

Easier might be

from twisted.internet.ssl import DefaultOpenSSLContextFactory
ctxfac = DefaultOpenSSLContextFactory(privkey, certfile)
ctxfac.isClient = True

I would like to discourage the use of context factories outside the default one unless absolutely necessary - the current notion of "context factory" is an ugly hack that requires direct access to the PyOpenSSL libraries. This will be harmful for future compatibility to, say, an upcoming Jython release with Java SSL support rather than OpenSSL.

Changing something with "OpenSSL" in its name to be a Java SSL factory will certainly be an ugly workaround, but _less_ ugly than trying to fake out the actual PyOpenSSL API by stuffing sys.modules.
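
Added example, not code from any message in this thread: the same `getContext()` shape with the certificate and key paths supplied explicitly, a key/certificate consistency check, a TLS 1.2 protocol floor, and server chain verification, the last two going beyond what the thread covers. The class name `ClientCertContextFactory`, the `caFileName` parameter and the `_chain_ok` helper are assumptions made for illustration.

```python
from OpenSSL import SSL


def _chain_ok(conn, cert, errno, depth, ok):
    # Hypothetical helper: accept the server certificate only when
    # OpenSSL's own chain validation has already passed.
    return bool(ok)


class ClientCertContextFactory:
    """Client context factory that presents a certificate (added example)."""

    isClient = 1
    # Despite its name, SSLv23_METHOD means "negotiate the version"; the
    # options set in getContext() remove everything older than TLS 1.2.
    method = SSL.SSLv23_METHOD

    def __init__(self, certificateFileName, privateKeyFileName, caFileName=None):
        self.certificateFileName = certificateFileName
        self.privateKeyFileName = privateKeyFileName
        # Assumed parameter: PEM file of CAs trusted to sign the server cert.
        self.caFileName = caFileName

    def getContext(self):
        ctx = SSL.Context(self.method)
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 |
                        SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1)
        # The same two calls as in the thread: certificate, then its key.
        ctx.use_certificate_file(self.certificateFileName)
        ctx.use_privatekey_file(self.privateKeyFileName)
        # A key that does not match the certificate raises SSL.Error here,
        # if use_privatekey_file() has not already rejected it.
        ctx.check_privatekey()
        # Require a server certificate that chains to a trusted CA.
        if self.caFileName:
            ctx.load_verify_locations(self.caFileName)
        else:
            ctx.set_default_verify_paths()
        ctx.set_verify(SSL.VERIFY_PEER, _chain_ok)
        return ctx
```

This context validates the server's chain only; it does not compare the certificate's name with the host being contacted.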

participants (3)
- Glyph Lefkowitz
- Itamar Shtull-Trauring
- Martin Waite