[Twisted-Python] twisted.web HTTPS client certificate

Adi Roiban adi at roiban.ro
Mon Jul 12 02:05:40 MDT 2021


On Mon, 12 Jul 2021 at 08:09, Ian Haywood <ian at haywood.id.au> wrote:

> I am trying to work out how to retrieve on the server an X.509
> certificate presented by the HTTPS client.  This code tries to tell me
> the transport has no peer certificate.
>
> Same error when I use wget as a client, so I think my problem is in the
> server code. I'm using self-signed certificates.
>
> Any clues as to what I'm doing wrong?
>
> Ian
>
>
As commented by Glyph, you will first need to set up one or a list of
accepted CAs.

Then set up a custom server-side context.

Add the CA via
https://www.pyopenssl.org/en/stable/api/ssl.html#OpenSSL.SSL.Context.load_verify_locations

This is done via
https://www.pyopenssl.org/en/stable/api/ssl.html#OpenSSL.SSL.Context.set_verify
to define a path or dir
or implement a custom one via
https://www.pyopenssl.org/en/stable/api/ssl.html#OpenSSL.SSL.Context.get_cert_store

Without set_verify, during the TLS/SSL handshake the server will not ask
the client to send its own certificate.

---------

I am using X509 authentication as a passwordless authentication for
automated transfers, similar to the SSH key authentication.

The x509 certificate authentication is used by the Spanish government
across many of their services.
Taxes, customs, health service ...

-- 
Adi Roiban