[Twisted-Python] SSLContext not valid for TLS Server

[Thomas Hartwich]

Yes, you're right for sure. As an alternative I tried to instantiate an object from twisted.internet._sslverify.OpenSSLCertificateOptions (as it is used by PrivateCertificate e.g.):

co = OpenSSLCertificateOptions(privateKey=pkey,certificate=cert_obj)

Despite it provides a SSL-context, it does not work similarly to the options() method I tried before from PrivateCertificate().

Can you tell me how I can make use of IOpenSSLServerConnectionCreator to create a valid SSL-Context for the TLS server in my case?

Thank you!
 

Gesendet: Sonntag, 20. August 2017 um 22:36 Uhr
Von: Glyph <glyph at twistedmatrix.com>
An: "Twisted general discussion" <twisted-python at twistedmatrix.com>
Betreff: Re: [Twisted-Python] SSLContext not valid for TLS Server

 

On Aug 20, 2017, at 9:30 AM, Thomas Hartwich <ceeborraa at gmx.de[mailto:ceeborraa at gmx.de]> wrote: 
 Ok, I finally got a solution for my problem. As I know, the TLS server was working with DefaultOpenSSLContextFactory but this only takes file paths to private key/certificate, I created my own SSL-Context file.

For anybody who has the same problem: 
Please note that this solution will prevent the use of TLS 1.3 when it is available, among other problems.
 
DefaultOpenSSLContextFactory should be deprecated (I hope someone has the time to do it soon), as is the 'getContext' interface that you're using (you should be using https://twistedmatrix.com/documents/17.5.0/api/twisted.internet.interfaces.IOpenSSLServerConnectionCreator.html[https://twistedmatrix.com/documents/17.5.0/api/twisted.internet.interfaces.IOpenSSLServerConnectionCreator.html] ) so it would be really good to understand what part of the non-deprecated TLS stack is broken for you.
 
-glyph_______________________________________________ Twisted-Python mailing list Twisted-Python at twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python[https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python]