[Twisted-Python] SSL client certificate verification...

Miguel Marques miguel at yorku.ca
Wed Oct 8 16:59:37 EDT 2003

On Wed, 8 Oct 2003 15:49:42 -0400, Itamar Shtull-Trauring <itamar at itamarst.org> wrote:
> On Wed, 08 Oct 2003 14:58:10 -0400 (EDT)
> Miguel Marques <miguel at yorku.ca> wrote:
> > I'm having a bit of difficulty figuring out how to get the CN.  I'm
> > trying to get it from the twisted.web.server.Request passed to the
> > render method of xmlrpc.XMLRPC.  I suspect somewhere in there is the
> > OpenSSL Connection object I can call get_peer_certificate() on.
> > But I'm not sure where...
> > Any pointers in the right direction would be greatly appreciated.
> > TIA...
> request.channel.transport.getPeerCertificate() I think, except this
Thanks, request.channel.transport.socket.get_peer_certificate() did
the trick and things seem to work...

> won't work for pipelining clients at the moment. Arguably auth
> should be done when the client connects - you can do this with custom
> ContextFactory that creates Contexts that do verification callback.

Agreed,  except in this case each xmlrpc procedure has a list of CN's
allowed to call it, so I can only check the CN of the connection's
certificate against that, when I know which xmlrpc procedure they are
trying to call...  (I do use a custom ContextFactory to cause the
client certificate to be checked against my CA)

I've just started using Twisted and I'm not sure what you mean by
'won't work for pipelining clients'?
Could you explain?


C. Miguel Marques, Development Services, Computing and Network Services, York University
e-mail: miguel at yorku.ca, voice: (416)736-2100x22684, fax: (416)736-5830

More information about the Twisted-Python mailing list