[Twisted-Python] Re: SSL + AMP

David Bolen db3l.net at gmail.com
Fri Mar 21 16:56:26 EDT 2008


Nathan <nathan.stocks at gmail.com> writes:

> On Wed, Mar 19, 2008 at 3:09 PM,  <glyph at divmod.com> wrote:
>>  If you could give some explanation of the security properties you expect
>>  (how do you intend for the client and server to exchange information
>>  about who they "really" are?) then we might be able to offer more direct
>>  guidance.
>
> The security properties that I want are:
>
> 1) My client and my server refuse to establish SSL (or any other type
> of) connections with anybody but each other.
> 2) My client and server do establish SSL connections with each other.
>
> Pretty simple in concept, really.  I'll go read the API docs like you
> suggested...

I posted a while back a small sample of how to handle that for a
general Twisted protocol that might be of some help, or point you in
the right direction as well.

http://twistedmatrix.com/pipermail/twisted-python/2007-August/015935.html

(Note the followup messages that clarify an erroneous "False" left in
the original posted code)

This works fine with just normal CA/server/client certificates created
through the standard OpenSSL process and tools.

-- David





More information about the Twisted-Python mailing list