SSL security authorization?
Anand Pillai
pythonguy at Hotpop.com
Mon Oct 20 10:43:53 EDT 2003
Oh sure, I will. Glad to, in fact. :-)
I will post my results in this thread.
Thanks John.
-Anand
jjl at pobox.com (John J. Lee) wrote in message news:<874qy5xpvy.fsf at pobox.com>...
> [I posted this yesterday, but it and the original post seem to have
> mysteriously vanished, so I'm reposting (in somewhat more terse form).
> Seems to have happened several times recently, dunno why...]
>
> Anand Pillai wrote:
> > The current HTTPSHandler in urllib2 does not handle
> > SSL certificate validation. These are used by websites
> > for validation of users, instead of raw HTTP password
> > validation, which is supported by HTTPBasicAuthHandler.
>
> Correct.
>
>
> > How about adding an HTTPSPasswordMgr handler to urllib2
> > which does HTTPS authorization by using the SSL certificates?
> > I am not sure of the details of how this is done, but it
> > sounds like it will be useful.
> [...]
>
> Agreed. urllib already does it. Untested patch below. I'm not
> submitting it to SF because I can't easily test it (setting up local
> servers is a bore). If you can test it yourself, please do submit it.
>
> BTW Anand, if you regularly use proxies, client authentication etc,
> could you also check out these doc bugs?
>
> http://www.python.org/sf/798244
> http://www.python.org/sf/793553
>
>
> --- urllib2.py.orig Sat Oct 18 19:30:15 2003
> +++ urllib2.py Sat Oct 18 19:35:26 2003
> @@ -800,12 +800,13 @@
> # XXX Should rewrite do_open() to use the new httplib interface,
> # would would be a little simpler.
>
> - def do_open(self, http_class, req):
> + def do_open(self, req, http_class, key_file=None, cert_file=None):
> host = req.get_host()
> if not host:
> raise URLError('no host given')
>
> - h = http_class(host) # will parse host:port
> + h = http_class(host, # will parse host:port
> + key_file=key_file, cert_file=cert_file)
> if req.has_data():
> data = req.get_data()
> h.putrequest('POST', req.get_selector())
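
Review bot: do_open() now forwards key_file= and cert_file= to http_class on every call, and http_open() in the next hunk passes httplib.HTTP, so unless that constructor accepts both keywords every plain HTTP request fails with a TypeError. Build the keyword arguments only when a key or certificate was actually supplied, or keep the certificate-specific construction inside the HTTPS handlers. Separately, swapping the first two parameters from (http_class, req) to (req, http_class) breaks any existing subclass that calls do_open() with the old order; keeping http_class first and appending the two new keywords would avoid that.
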
> @@ -846,14 +847,24 @@
> class HTTPHandler(AbstractHTTPHandler):
>
> def http_open(self, req):
> - return self.do_open(httplib.HTTP, req)
> + return self.do_open(req, httplib.HTTP)
>
>
> if hasattr(httplib, 'HTTPS'):
> class HTTPSHandler(AbstractHTTPHandler):
>
> def https_open(self, req):
> - return self.do_open(httplib.HTTPS, req)
> + return self.do_open(req, httplib.HTTPS)
> +
> + class HTTPSClientAuthHandler(AbstractHTTPHandler):
> +
> + def __init__(self, key_file, cert_file):
> + self.key_file = key_file
> + self.cert_file = cert_file
> +
> + def https_open(self, req):
> + return self.do_open(req,
> + httplib.HTTPS, self.key_file, self.cert_file)
>
>
> class UnknownHandler(BaseHandler):
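
Review bot: HTTPSClientAuthHandler derives from AbstractHTTPHandler rather than HTTPSHandler, so the two classes each define https_open() independently; an opener that ends up holding both will let only one of them handle the request, and the client certificate may never be presented. Subclassing HTTPSHandler would make the relationship explicit and let the new handler stand in for the plain one. The class also has no docstring: say what key_file and cert_file must point to, and that key_file names a private key whose file permissions the caller is responsible for.
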
>
>
>
> John
More information about the Python-list
mailing list