[Twisted-Python] https server example with client certs for twisted

exarkun at twistedmatrix.com
Sun Jul 11 22:04:10 EDT 2010


On 11 Jul, 07:02 pm, gelonida at gmail.com wrote:
>Hi,
>
>I'd like to implement a small https twisted server,
>
>which can wrap a wsgi module and which
>can verify client certificates
>
>
>I am able to do this with apache, but would like to do the same with
>twisted.
>
>
>What I have running is the following.
>
>The
>
>#!/bin/sh
>certfile=mycert.crt
>keyfile=mycert.key
>wsgi_module=tw_wrapper.application
>
>twistd -n web --https 4433 \
>    --certificate $certfile --privkey $keyfile \
>    --wsgi $wsgi_module
>
>
>
>I wondered where I could find any good example code
>implementing a web server with client certificate authentication
>(and ideally with a subsequent wsgi module)

Twisted uses pyOpenSSL to support HTTPS.  You can read a bit about the 
basic SSL customization APIs in Twisted here:

    http://twistedmatrix.com/documents/current/core/howto/ssl.html

And you can read more about the underlying pyOpenSSL APIs here:

    http://packages.python.org/pyOpenSSL/

In particular, you're probably interested in customizing a Context 
instance:

    http://packages.python.org/pyOpenSSL/openssl-context.html

So that it requires and validates a peer certificate.

Unfortunately, we haven't yet made this level of customization available 
directly from the "twistd" command line, so you'll have to switch from 
using the "twistd web" command to something like a tac file:

http://twistedmatrix.com/documents/current/core/howto/application.html

You'll be able to set up the same kind of web server created by "twistd 
web", but you'll have to invoke some of the service APIs, such as 
SSLServer.  You can find an example of this sort of thing midway through 
the finger tutorial:

http://twistedmatrix.com/documents/current/core/howto/tutorial/factory.html#auto1

Jean-Paul


