[Twisted-Python] Re: SSL + AMP
Nathan
nathan.stocks at gmail.com
Mon Mar 24 09:39:20 MDT 2008
On Fri, Mar 21, 2008 at 2:56 PM, David Bolen <db3l.net at gmail.com> wrote:
>
> Nathan <nathan.stocks at gmail.com> writes:
>
> > On Wed, Mar 19, 2008 at 3:09 PM, <glyph at divmod.com> wrote:
> >> If you could give some explanation of the security properties you expect
> >> (how do you intend for the client and server to exchange information
> >> about who they "really" are?) then we might be able to offer more direct
> >> guidance.
> >
> > The security properties that I want are:
> >
> > 1) My client and my server refuse to establish SSL (or any other type
> > of) connections with anybody but each other.
> > 2) My client and server do establish SSL connections with each other.
> >
> > Pretty simple in concept, really. I'll go read the API docs like you
> > suggested...
>
> I posted a while back a small sample of how to handle that for a
> general Twisted protocol that might be of some help, or point you in
> the right direction as well.
>
> http://twistedmatrix.com/pipermail/twisted-python/2007-August/015935.html
>
> (Note the followup messages that clarify an erroneous "False" left in
> the original posted code)
>
> This works fine with just normal CA/server/client certificates created
> through the standard OpenSSL process and tools.
>
> -- David
That's just what I was looking for!
I'm going to see if I can use that example to add SSL to my AMP stuff
by the end of today. First, I've got to finish figuring out the
certificate authority stuff. I'm working through the following page
to set up my own local CA:
http://sial.org/howto/openssl/ca/
If anyone knows a better guide to follow, please let me know!
~ Nathan
~ Nathan
More information about the Twisted-Python
mailing list