python xmlrpc client with ssl client certificates and standard modules

News123 news123 at free.fr
Tue Jan 5 10:03:56 CET 2010


Hi Martin,

Thanks a lot for your reply.
It helped me to find the correct solution.

Unfortunaltely xmlrpclib.ServerProxy does not allow a host tuple, but
just a uri.

So the simplest solution, that I found is to create a custom transport


import xmlrpclib

class SafeTransportWithCert(xmlrpclib.SafeTransport):
    __cert_file = DFLT_CERTFILE
    __key_file  = DFLT_KEYFILE
    def make_connection(self,host):
        host_with_cert = (host, {
                      'key_file'  :  self.__key_file,
                      'cert_file' :  self.__cert_file
            } )
        return  \
          xmlrpclib.SafeTransport.make_connection(             	
                               self,host_with_cert)


transport = SafeTransportWithCert()
server = xmlrpclib.ServerProxy(server_url,
    transport = transport)

rslt = server.mymethod(args)


Perfect.
Now the server can ensure, that only certified clients connect.

My next task is how to find out at the client side, that the server
certificate is a properly signed one.

bye


N


 Martin v. Loewis wrote:
>> I can do xmlrpc over ssl WITHOUT certificates with following code:
>>
>> import xmlrpclib
>> server_url = 'https://myserver'
>> server = xmlrpclib.Server(server_url);
>>
>>
>> and I can perform a https get request WITH certificates with below snippet:
>>
>> import httplib
>> conn = httplib.HTTPSConnection(
>>     	HOSTNAME,
>>     	key_file = KEYFILE,
>>     	cert_file = CERTFILE
>> )
>> conn.putrequest('GET', '/')
>> conn.endheaders()
>> response = conn.getresponse()
>> print response.read()
>>
>>
>> I'm just lost of how to 'combine' both.
> 
> In this case, read through the source of xmlrpclib:
> 
> a) SafeTransport receives x509 parameters from get_host_info
> b) get_host_info supports a case where host is a tuple host, x509
> 
> So, without testing:
> 
> server = xmlrpclib.Server((server_url, {'key_file': KEYFILE,
>                                         'cert_file': CERTFILE}))
> 
> Please do read the code before trying this out.
> 
> HTH,
> Martin



More information about the Python-list mailing list