[Twisted-Python] SSL + AMP

glyph at divmod.com
Wed Mar 19 17:09:11 EDT 2008

On 18 Mar, 10:34 pm, nathan.stocks at gmail.com wrote:
>Can someone help me fill in the blanks here?  I've got an AMP
>connection up and running, I just want to:
>1) Make it so that AMP uses an SSL connection (which appears to be
>supported by AMP with StartTLS) -- I'm confident that it's only a
>matter of a little bit more time and experimentation for me to get
>this part working.

AMP already supports this, so you don't have anything to do...

>2) Make it so that both the client and the server only connect to each
>other and no one else.  I'm fairly certain this has something to do
>with making my own certificate authority and certificates.  I (with
>Google's help) am capable of figuring out all the OpenSSL commands to
>do the creating, signing, etc. of certificates, but I'm not sure what
>exactly needs to be done.

And this is really just learning about the OpenSSL APIs.

>Any pointers would be appreciated...

I would definitely look at the API docs for twisted.internet.ssl.  You 
don't even need to use openssl to generate and sign certificates 
(although currently some functionality is missing).

If you could give some explanation of the security properties you expect 
(how do you intend for the client and server to exchange information 
about who they "really" are?) then we might be able to offer more direct 

>* Here's the docs I've found so far for twisted+ssl+amp:
>(There's a StartTLS in AMP, )
>(There's an ssl in twisted.internet)
>(The SSL examples use a ClientContextFactory...which is undocumented)
