[Twisted-Python] Creating a PKCS#11 Enabled SSL Proxy

exarkun at twistedmatrix.com exarkun at twistedmatrix.com
Thu Nov 10 07:45:01 MST 2011


On 02:13 am, athornton1974 at gmail.com wrote:
>I am in need of an ssl web proxy that can read a certificate off of a 
>PKCS#11 device and then do client authentication using that 
>certificate. I thought that twisted would be a great way to do this. I 
>was wondering if anyone on this list has put anything like that 
>together before. I have seen the tutorials and walkthroughs the outline 
>the steps to create an http proxy using twisted, but not much about 
>https and nothing about using a wrapper like pkcs11 or PyKCS11. I 
>appreciate any direction that anyone can give.

Twisted currently provides SSL support exclusively based on the features 
of OpenSSL (via pyOpenSSL).  So, if pyOpenSSL supports something, then 
you can probably do it with Twisted.

pyOpenSSL doesn't currently support PKCS11 and it appears that OpenSSL 
itself needs to be patched and build specially to support it.  So, with 
some effort you may be able to create something that satisfies your 
requirements, but there doesn't appear to be a working solution out of 
the box.

This is just my assessment based on some familiarity with SSL and some 
searching around this morning; I've never tried to use PKCS11 myself.

Jean-Paul




More information about the Twisted-Python mailing list