[Pythonmac-SIG] SSL, client certificates, proxy authorization

L. Daniel Burr burrda@mac.com
Mon, 17 Jun 2002 22:55:33 -0400

Could somebody please give me some advice regarding SSL communications and
XML-RPC?  The scenario is as follows:

- I have a python client behind a firewall
- There is a proxy server that requires authorization
- There is an external XML-RPC server, using SSL on port 443
- The XML-RPC server requires that I use client certificate authentication

Now, I can use xmlrpclib over HTTP, pass the Proxy-Authorization header to
the proxy, and access external XML-RPC servers (Meerkat, for example) that
are not encrypted.  So far so good.  I can also perform HTTPS requests
through the proxy to external HTTPS servers.  The problem occurs when I need
to create an HTTPSConnection that uses a client certificate to authenticate
against the SSL-based XML-RPC server.  I can't seem to figure out how to
make the proxy forward my request to the XML-RPC server.

I think I need to somehow make the proxy perform its SSL tunneling function
(HTTP CONNECT method), but I can't see how to accomplish this.  If I have an
HTTPConnection to the proxy, how do I overlay it with an SSL connection,
along with the client certificate?

I've scoured the web and found one helpful HTTPS-with-client-certs recipe in
the Python Cookbook, but nothing about how to get python to do this through
a proxy.

The client is running on Mac OS 10.1.5, machopython 2.2.1_3 (from the
wxpython site).

Any suggestions would be very much appreciated.

L. Daniel Burr