[Twisted-Python] twisted.internet.ssl
Glyph
glyph at twistedmatrix.com
Thu Oct 26 11:37:41 MDT 2017
> On Oct 26, 2017, at 6:35 AM, Enoch W. <ixew at hotmail.com> wrote:
>
> Thanks Jason,
>
> With a more specific error message raised by the latest GitHub code [thanks!] the problem became clear.
> I suggest changing the documentation of 'optionsForClientTLS' -
>
> from:
> ctx = ssl.optionsForClientTLS(hostName, trustRoot=root, clientCertificate=mycert)
>
> to:
> ctx = ssl.optionsForClientTLS(commonName, trustRoot=root, clientCertificate=mycert)
>
> That is, what this ctx (the contextFactory) really expects is the server's certificate commonName which often is, but not in my case, the server's hostName.
>
> Interestingly, Python's standard ssl package does not verify this field.
It sounds like you somehow installed Twisted without the "service_identity" module; it only verifies commonName if it has no other choice.
When you install Twisted, be sure to install the `tls` extra: `pip install twisted[tls]`.
-glyph