[Twisted-Python] strports.service, ssl and forcing client certs

Jean-Paul Calderone exarkun at divmod.com
Wed Aug 30 12:30:35 EDT 2006


On Wed, 30 Aug 2006 17:12:02 +0100, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>I want a line-oriented protocol to listen on an SSL port, and I want client 
>certificate authentication for this.
>
>How do I specify this:
>
>strports.service('ssl:4443:privateKey=key.pem:certKey=cert.pem:clientCert=must')
>
>...or similar?
>

No: use strports when you want to present strings of this form as a
user-interface element, not otherwise.

To programmatically configure an SSL server which requires a client certificate
use something like this:

    from twisted.internet import ssl, reactor
    # f is the server factory for the line-oriented protocol
    reactor.listenSSL(4443, f, ssl.CertificateOptions())

Unlike the older ContextFactory classes, CertificateOptions has somewhat
more modern requirements not dictated by HTTP.  Specifically, the method
is TLSv1 and certificates are required.

Jean-Paul



