[Twisted-Python] strports.service, ssl and forcing client certs
Jean-Paul Calderone
exarkun at divmod.com
Wed Aug 30 12:30:35 EDT 2006
On Wed, 30 Aug 2006 17:12:02 +0100, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>I want a line-oriented protocol to listen on an SSL port, and I want client
>certificate authentication for this.
>
>How do I specify this:
>
>strports.service('ssl:4443:privateKey=key.pem:certKey=cert.pem:clientCert=must')
>
>...or similar?
>
No: use strports when you want to present strings of this form as a
user-interface element, not otherwise.

To programmatically configure an SSL server which requires a client certificate
use something like this:

    from twisted.internet import ssl, reactor
    # f is the protocol factory to serve on the port
    reactor.listenSSL(4443, f, ssl.CertificateOptions())

Unlike the older ContextFactory classes, CertificateOptions has somewhat
more modern requirements not dictated by HTTP. Specifically, the method
is TLSv1 and certificates are required.

Jean-Paul