Automate Web Configuration

John J. Lee jjl at pobox.com
Thu Sep 7 23:53:32 CEST 2006


Steve Holden <steve at holdenweb.com> writes:

> D wrote:
> > I would like to write a program that will automate the configuation of
> > a firewall or router via HTTPS.  So, I need to import the applicable
> > certificate, and be able to configure the unit as if I was
> > typing/selecting the appropriate fields manually using a web browser.
> > If there is a command-line based tool that would allow me to do this, I
> > would be more than willing to give it a try.  Otherwise, is there a
> > Python library that would do the same?  Thanks.
> >
> Look for the Mechanize and ClientForm libraries: they can be used to
> automate all sorts of web tasks.

Note that neither mechanize nor the standard library do a great job
with HTTPS client certificates (nor server certificates, for that
matter: those are not checked at all): You have to convert your
certificate file to the right format (e.g. using the "openssl" program
from OpenSSL -- the mechanize API docs explain how), and the only way
to supply the password right now is on the console.  Hmm, it occurs to
me right now that maybe if your key has no password, it won't insist
on console input?  Perhaps the same applies if you're running some
sort of keyserver?  I haven't looked at the OpenSSL API docs to check.
If not, no doubt one could improve mechanize's behaviour here by using
something like PyOpenSSL or M2Crypto (or use the facilities provided
by those libraries directly -- see below).

(If you want to use mechanize right now I recommend checking it out
from SVN rather than using the last-released version.  The official
stable release is coming "RSN".  Getting docs done is hard work!-)

A few other HTTPS problems (both stdlib and mechanize are affected):

- No special CONNECT support for HTTPS proxies (you can do it, but
  it's a pain)

- I think socket timeouts don't work for HTTPS (I forget why, so not
  sure what work-arounds would apply)


If any of those limitations affect you (note they DON'T affect lots of
people doing HTTPS), try M2Crypto or perhaps PyOpenSSL (I don't really
know either library, but I'm pretty sure M2Crypto has an httplib
work-alike).


John



More information about the Python-list mailing list