ssl server

Michael Palmer m_palmer45 at yahoo.ca
Thu Sep 18 01:05:51 CEST 2008


On Sep 17, 1:33 pm, Seb <sebastianthegreat... at gmail.com> wrote:
> I'm making a ssl server, but I'm not sure how I can verify the
> clients. What do I actually need to place in _verify to actually
> verify that the client cert is signed by me?
>
>  50 class SSLTCPServer(TCPServer):
>  51         keyFile = "sslcert/server.key"
>  52         certFile = "sslcert/server.crt"
>  53         def __init__(self, server_address, RequestHandlerClass):
>  54                 ctx = SSL.Context(SSL.SSLv23_METHOD)
>  55                 ctx.use_privatekey_file(self.keyFile)
>  56                 ctx.use_certificate_file(self.certFile)
>  57                 ctx.set_verify(SSL.VERIFY_PEER |
> SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE,
> self._verify)
>  58                 ctx.set_verify_depth(10)
>  59                 ctx.set_session_id('DFS')
>  60
>  61                 self.server_address = server_address
>  62                 self.RequestHandlerClass = RequestHandlerClass
>  63                 self.socket = socket.socket(self.address_family,
> self.socket_type)
>  64                 self.socket = SSL.Connection(ctx, self.socket)
>  65                 self.socket.bind(self.server_address)
>  66                 self.socket.listen(self.request_queue_size)
>  67
>  68         def _verify(self, conn, cert, errno, depth, retcode):
>  69                 return not cert.has_expired() and
> cert.get_issuer().organizationName == 'DFS'

If I were you, I would just just hide behind apache, nginx oder
another server that does ssl. just have that server proxy locally to
your python server over http, and firewall the python server port.



More information about the Python-list mailing list