[Twisted-Python] twisted.internet.ssl

Enoch W. ixew at hotmail.com
Thu Oct 26 07:35:00 MDT 2017


Thanks Jason,

With a more specific error message raised by the latest GitHub code [thanks!] the problem became clear.
I suggest changing the documentation of 'optionsForClientTLS' -

from:
ctx = ssl.optionsForClientTLS(hostName, trustRoot=root, clientCertificate=mycert)

to:
ctx = ssl.optionsForClientTLS(commonName, trustRoot=root, clientCertificate=mycert)

That is, what this ctx (the contextFactory) really expects is the server's certificate commonName which often is, but not in my case, the server's hostName.

Interestingly, Python's standard ssl package does not verify this field.

Regards, Enoch.


On 10/26/2017 01:13 AM, Jason Litzinger wrote:

On Wed, Oct 25, 2017 at 08:07:26PM +0000, Enoch W. wrote:


A known bug?


Hello Enoch,
A question, does the server have an intermediate cert that it is using?
If so, then the problem might be that your trust root needs both the CA
and intermediate.

I have some https test code I hacked together a while back (neither
reviewed nor heavily tested, but same general idea).
https://github.com/jlitzingerdev/twisted-benchmarks/blob/https-benchmark/web_https.py

If I omit the intermediate cert I get the same error.

Cheers,
-Jason
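
The two failure modes discussed in this thread (a trust root that lacks the intermediate, and a verification name that differs from the name in the server certificate), reproduced as an added example that is not code from either poster or from Twisted. It assumes Python's standard ssl module with hostname checking enabled and the third-party cryptography package, used here instead of Twisted's API so the handshake can run in memory; every certificate and host name is constructed.

```python
import datetime, ssl, tempfile
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID
PEM = serialization.Encoding.PEM

def make_cert(cn, issuer=None, ca=False):
    """Constructed test cert; issuer is a (cert, key) pair, None means self-signed."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    b = (x509.CertificateBuilder().subject_name(name)
         .issuer_name(issuer[0].subject if issuer else name)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(now - datetime.timedelta(days=1))
         .not_valid_after(now + datetime.timedelta(days=1))
         .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True))
    if not ca:  # the leaf carries the name the client will be asked to verify
        b = b.add_extension(x509.SubjectAlternativeName([x509.DNSName(cn)]), critical=False)
    return b.sign(issuer[1] if issuer else key, hashes.SHA256()), key

ROOT = make_cert("Example Root CA", ca=True)
INTER = make_cert("Example Intermediate CA", issuer=ROOT, ca=True)
LEAF = make_cert("service.internal.example", issuer=INTER)

def handshake(trust, name):
    """In-memory TLS handshake; returns "ok" or the client's verification error."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    with tempfile.NamedTemporaryFile("wb") as f:  # server presents the leaf only
        f.write(LEAF[0].public_bytes(PEM) + LEAF[1].private_bytes(
            PEM, serialization.PrivateFormat.PKCS8, serialization.NoEncryption()))
        f.flush()
        srv.load_cert_chain(f.name)
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    cli.load_verify_locations(cadata="".join(c.public_bytes(PEM).decode() for c, _ in trust))
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    c = cli.wrap_bio(c_in, c_out, server_hostname=name)
    s = srv.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(4):  # shuttle handshake records between the two endpoints
        for side, out, peer_in in ((c, c_out, s_in), (s, s_out, c_in)):
            try:
                side.do_handshake()
            except ssl.SSLWantReadError:
                pass
            except ssl.SSLCertVerificationError as e:
                return e.verify_message
            peer_in.write(out.read())
    return "ok"
```

`handshake([ROOT], ...)` fails on the missing issuer, `handshake([ROOT, INTER], "service.internal.example")` succeeds, and the same trust root with any other name fails on the name check. In Twisted the equivalent trust root can be built with `ssl.trustRootFromCertificates`.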
