SSL security authorization?

Anand Pillai pythonguy at Hotpop.com
Mon Oct 20 10:43:53 EDT 2003


Oh sure, I will. Glad to, in fact. :-)

I will post my results in this thread.

Thanks John.

-Anand

jjl at pobox.com (John J. Lee) wrote in message news:<874qy5xpvy.fsf at pobox.com>...
> [I posted this yesterday, but it and the original post seem to have
> mysteriously vanished, so I'm reposting (in somewhat more terse form).
> Seems to have happened several times recently, dunno why...]
> 
> Anand Pillai wrote:
> > The current HTTPSHandler in urllib2 does not handle
> > SSL certificate validation. These are used by websites
> > for validation of users, instead of raw HTTP password
> > validation, which is supported by HTTPBasicAuthHandler.
> 
> Correct.
> 
> 
> > How about adding an HTTPSPasswordMgr handler to urllib2
> > which does HTTPS authorization by using the SSL certificates? 
> > I am not sure of the details of how this is done, but it
> > sounds like it will be useful. 
> [...]
> 
> Agreed.  urllib already does it.  Untested patch below.  I'm not
> submitting it to SF because I can't easily test it (setting up local
> servers is a bore).  If you can test it yourself, please do submit it.
> 
> BTW Anand, if you regularly use proxies, client authentication etc,
> could you also check out these doc bugs?
> 
> http://www.python.org/sf/798244
> http://www.python.org/sf/793553
> 
> 
> --- urllib2.py.orig	Sat Oct 18 19:30:15 2003
> +++ urllib2.py	Sat Oct 18 19:35:26 2003
> @@ -800,12 +800,13 @@
>      # XXX Should rewrite do_open() to use the new httplib interface,
>      # would would be a little simpler.
>  
> -    def do_open(self, http_class, req):
> +    def do_open(self, req, http_class, key_file=None, cert_file=None):
>          host = req.get_host()
>          if not host:
>              raise URLError('no host given')
>  
> -        h = http_class(host) # will parse host:port
> +        h = http_class(host,  # will parse host:port
> +                       key_file=key_file, cert_file=cert_file)
>          if req.has_data():
>              data = req.get_data()
>              h.putrequest('POST', req.get_selector())
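Review bot: In do_open, the key_file= and cert_file= keywords are now passed to http_class on every call, including the plain-HTTP path where HTTPHandler hands in httplib.HTTP. Unless that constructor accepts both keywords, every http:// request will fail with a TypeError. Pass them only when they are set (for example, build the keyword arguments only if key_file or cert_file is not None), or let the HTTPS handlers construct the connection themselves. Swapping the first two positional parameters from (http_class, req) to (req, http_class) also breaks any subclass outside this file that still calls do_open in the old order; keeping the original order and appending the two new keyword parameters would avoid that.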
> @@ -846,14 +847,24 @@
>  class HTTPHandler(AbstractHTTPHandler):
>  
>      def http_open(self, req):
> -        return self.do_open(httplib.HTTP, req)
> +        return self.do_open(req, httplib.HTTP)
>  
>  
>  if hasattr(httplib, 'HTTPS'):
>      class HTTPSHandler(AbstractHTTPHandler):
>  
>          def https_open(self, req):
> -            return self.do_open(httplib.HTTPS, req)
> +            return self.do_open(req, httplib.HTTPS)
> +
> +    class HTTPSClientAuthHandler(AbstractHTTPHandler):
> +
> +        def __init__(self, key_file, cert_file):
> +            self.key_file = key_file
> +            self.cert_file = cert_file
> +
> +        def https_open(self, req):
> +            return self.do_open(req,
> +                                httplib.HTTPS, self.key_file, self.cert_file)
>  
>  
>  class UnknownHandler(BaseHandler):
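Review bot: HTTPSClientAuthHandler.https_open passes the same self.key_file and self.cert_file for whatever host req names, so an opener built with this handler offers the client certificate to every HTTPS server it contacts, including hosts reached through a redirect, not only the site the certificate was issued for. Consider storing the key/cert pair per host and falling back to a plain httplib.HTTPS connection for hosts with no entry. The class also defines https_open alongside HTTPSHandler without subclassing or replacing it, and has no docstring; a short docstring should say what the two file arguments are expected to contain and how the handler is meant to be combined with HTTPSHandler in an opener.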
> 
> 
> 
> John



