[Twisted-Python] Clarification for IReactorSSL.ListenSSL(...)

Trevor Perrin trevp at trevp.net
Fri Apr 9 23:25:56 EDT 2004

Hi Carl,

At 12:55 AM 4/9/2004 +0000, you wrote:
>One of the parameters for the ListenSSL(...) method is contextFactory.  After
>some digging, I think that the only concrete class available right now for
>this is DefaultOpenSSLContextFactory?  I am not entirely clear what the
>parameters used to initialize this object mean, though.  Specifically, the
>privateKeyFileName and certificateFileName are a little sketchy from my point
>of view.

These will be files containing a PEM-encoded private key and corresponding 
certificate.  They'll look like:



>Also, does anyone know of an easier way for generating certificates than 
>through all the manual steps in the OpenSSL docs?

Generating a new key and self-signed cert with OpenSSL is really easy:

Then just pass these filenames, and it should work.

>I want to use SSL because
>I want two machines to be able to talk to each other without passing
>sensitive data in the clear, so I am not sure if stuff like certificate
>authorities really need to fit into the picture.

If I were you, I wouldn't use CAs, but would have each side authenticate the 
other based on a fingerprint (i.e. the hash value of the other's certificate).

I'm not sure how to do this with Twisted's default SSL, but I've 
written a TLS library for Twisted that does this.  However, it may be a bit 
of effort to integrate in your particular app:
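
Added example, not part of the original message and not the TLS library it mentions: the fingerprint check described above, written against the Python standard library only. SHA-256, the function names and the sample bytes are assumptions; the message names no hash algorithm.

```python
import hashlib
import hmac
import ssl

DIGEST = "sha256"  # assumption: the message does not name a hash algorithm


def to_der(cert):
    """Accept DER bytes or PEM text; the fingerprint is always over DER."""
    if isinstance(cert, str):
        return ssl.PEM_cert_to_DER_cert(cert.strip())
    return cert


def fingerprint(cert):
    """Raw digest of the certificate's DER encoding."""
    return hashlib.new(DIGEST, to_der(cert)).digest()


def parse_pin(text):
    """Parse 'AB:CD:..', plain hex, or 'sha256 Fingerprint=AB:CD:..'."""
    hexpart = text.strip().rsplit("=", 1)[-1].replace(":", "")
    raw = bytes.fromhex(hexpart)  # ValueError on non-hex input
    if len(raw) != hashlib.new(DIGEST).digest_size:
        raise ValueError("pin has wrong length for " + DIGEST)
    return raw


def is_pinned(cert, pins):
    """True if cert matches any pin; every pin is compared in constant time."""
    seen = fingerprint(cert)
    ok = False
    for pin in pins:
        ok |= hmac.compare_digest(seen, parse_pin(pin))
    return ok


def require_pinned_peer(tls_sock, pins):
    """Call right after the handshake, before any application data is sent."""
    der = tls_sock.getpeercert(binary_form=True)  # None if peer sent no cert
    if der is None or not is_pinned(der, pins):
        tls_sock.close()
        raise ssl.SSLError("peer certificate does not match a pinned fingerprint")
    return der


# Constructed stand-in bytes, NOT a real certificate: enough to show the hashing.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_PIN = ":".join("%02X" % b for b in fingerprint(SAMPLE_DER))
```

With CA validation out of the picture, the pin comparison is the only authentication step, so an empty pin list or a peer that presents no certificate has to fail closed, as it does here.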

