[Twisted-Python] Clarification for IReactorSSL.ListenSSL(...)
trevp at trevp.net
Fri Apr 9 23:25:56 EDT 2004
At 12:55 AM 4/9/2004 +0000, you wrote:
>One of the parameters for the ListenSSL(...) method is contextFactory. After
>some digging, I think that the only concrete class available right now for
>this is DefaultOpenSSLContextFactory? I am not entirely clear what the
>parameters used to initialize this object mean, though. Specifically, the
>privateKeyFileName and certificateFileName are a little sketchy from my point
These will be files containing a PEM-encoded private key and corresponding
certificate. They'll look like:
-----BEGIN RSA PRIVATE KEY-----
>Also, does anyone know of an easier way for generating certificates than
>through all the manual steps in the OpenSSL docs?
Generating a new key and self-signed cert with OpenSSL is really easy:
Then just pass these filenames, and it should work.
>I want to use SSL because
>I want two machines to be able to talk to each other without passing
>sensitive data in the clear, so I am not sure if stuff like certificate
>authorities really need to fit into the picture.
If I were you, I wouldn't use CAs, but would have each side authenticate the
other based on a fingerprint (i.e. the hash value of the other's certificate).
I'm not sure how to do this with Twisted's default SSL, but I've
written a TLS library for Twisted that does this. However, it may be a bit
of effort to integrate in your particular app:
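
The fingerprint check suggested in the message above, as an added example that is not part of the original post and is not the author's TLS library. It assumes Python's standard `ssl` module rather than Twisted's SSL support and SHA-256 as the hash; all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' so pins copied from tools compare equal."""
    return fp.replace(":", "").replace(" ", "").lower()


def matches_pin(der_cert, pinned_fp: str) -> bool:
    """True only if a certificate was presented and its hash equals the pin."""
    if not der_cert:
        return False  # no certificate presented: fail closed
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(fingerprint(der_cert), normalize(pinned_fp))


def pem_fingerprint(pem_text: str) -> str:
    """Fingerprint of a PEM certificate file's contents (the value to record as the pin)."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem_text))


def connect_pinned(host: str, port: int, pinned_fp: str) -> ssl.SSLSocket:
    """Client side: skip CA validation, then accept the peer only on a pin match."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # identity comes from the pin, not the name
    ctx.verify_mode = ssl.CERT_NONE  # self-signed cert, so there is no CA chain
    sock = ctx.wrap_socket(socket.create_connection((host, port)))
    # Until this check passes the peer is unauthenticated; send nothing before it.
    if not matches_pin(sock.getpeercert(binary_form=True), pinned_fp):
        sock.close()
        raise ssl.SSLError("peer certificate does not match pinned fingerprint")
    return sock
```

Each machine records the other's fingerprint out of band with `pem_fingerprint` on the certificate file. Checking the client's certificate on the server side needs the server to request one, which this block does not cover.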