[Twisted-Python] twisted ssl server and client

John Aherne johnaherne at rocs.co.uk
Sun Nov 9 23:54:48 MST 2014


Hynek

Thanks for the information.

Very interesting. I was wondering how to get the Mozilla cert package.

For the server I need to provide a certificate that can be verified by an
external source.

I used the requests package to test that it could verify my certificate
without knowing exactly what it was doing.

As far as I could see it verified the certificate and I then got an
external source to also connect and send information having verified the
certificate. That worked whereas before they had failed with SSL errors.

So for the server, the certificate, key and GoDaddy bundle seem to be
working.

I found the DefaultOpenSSLContextFactory by googling for clues as to what
to do.

I then looked up the source to see what it required. And it seemed to do
the trick.

I have seen the documentation pointing at CertificateOptions but while I
was trying to find out how I could get my GoDaddy bundle added in I found
DefaultOpenSSLContextFactory which was easy to add my bundle to.

It was not clear how I could do that with CertificateOptions. When I tried,
I got unknown key argument because it seemed I could pass a key argument in
but all my attempts failed.

I have Twisted 14.0.0 on one machine and Twisted 14.0.2 on another and I
bounce between them checking what works on one also works on the other.

I have a lot of stuff running on the machine with 14.0.0 so I was not keen
to upgrade until I had a clear idea of what I was doing.

For the client I need to connect back to the external site. I can do this
without verifying the certificate, but it would seem these days that is no
longer sufficient.

So I needed twisted.web.Agent to be able to verify the remote certificate.

Trying that and once again googling for BrowserLikeContextFactory, I find
that it has a real problem verifying hostnames. And your name features
heavily in the list of people who have looked at the problem.

I found that on Windows 7 32-bit I could not get it to work. It always
returned an SSL error. So for the time being I have abandoned that and am
ignoring the problem. Just relying on finding and accepting any certificate.

I need most of all to make sure that the server side is working properly,
so your information is extremely welcome.

I shall have to look at CertificateOptions again and see what the problem
is.

I have a feeling that everything is working with SSLv3 since all the error
messages come back mentioning SSLv3. So I imagine at some point I need to
be able to specify TLS and one of its variants.

I hope I have explained a bit more clearly what I am trying to do.

Regards

-- 
*John Aherne*




*www.rocs.co.uk <http://www.rocs.co.uk>*
020 7223 7567