[Twisted-web] Enforcing SSL for non-SSL requests

Marek Habersack grendel at caudium.net
Wed Aug 10 13:19:52 MDT 2005


On Wed, Aug 10, 2005 at 07:33:50PM +0300, Tommi Virtanen scribbled:
> Marek Habersack wrote:
> >   I'm trying to find a way for a Nevow-based application to enforce SSL
> > connection on the client when they come in using insecure HTTP. Currently
> > when the client comes in using a http://site.com URL typed in the browser,
> > they will get no error and no response from the server as the connection is
> > closed. The application log reveals the following:
> 
> Your SSL problem has to do with trying to talk non-SSL protocols to an
> SSL port, as mentioned elsewhere in this thread.
Yes, I know, the client isn't starting the SSL handshake when it is expected
to - the real question was how to work around it using a single port (my 
client's requirement), but it seems I will have to use the standard two-port 
approach here.

> Apart from that, here's what I've done before:
> 
> from nevow import inevow, url
> 
> class MakeSecure(object):
>     # Wraps a resource; non-SSL requests are redirected to the https:// URL.
>     __implements__ = inevow.IResource,
> 
>     def __init__(self, wrapped, port=None, *a, **kw):
>         super(MakeSecure, self).__init__(*a, **kw)
>         self.wrapped = wrapped
>         self.port = port
> 
>     def locateChild(self, ctx, segments):
>         request = inevow.IRequest(ctx)
>         if request.isSecure():
>             return self.wrapped, segments
>         else:
>             # Append the remaining path segments so the redirect keeps the
>             # full requested path, then switch the URL to https.
>             u = url.URL.fromRequest(request)
>             for seg in segments:
>                 u = u.child(seg)
>             return u.secure(port=self.port), ()
> 
>     def renderHTTP(self, ctx):
>         request = inevow.IRequest(ctx)
>         if request.isSecure():
>             return self.wrapped.renderHTTP(ctx)
>         else:
>             # Redirect the request for this resource itself to https.
>             u = url.URL.fromRequest(request)
>             u = u.secure(port=self.port)
>             return inevow.IResource(u).renderHTTP(ctx)
> 
> for that, svn co http://divmod.org/svn/Nevow/sandbox/tv and see the
> makesecure subdirectory.
> 
> You may also be interested in the branchsecure directory.
Thanks a million, I think this will do the trick :)

best regards,

marek
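
An added example, not part of the original messages or of Nevow: it shows what an SSL listener sees when a browser speaks plain HTTP to it (no handshake record), and builds the https:// redirect target that the HTTP-side listener of the two-port setup would send. The function names, the `allowed_hosts` check and the sample bytes are assumptions made for the illustration.

```python
# Added illustration; function names and the sample bytes are constructed.
from urllib.parse import urlsplit

HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' for the first bytes of a connection."""
    # A TLS connection opens with a handshake record:
    # content type 0x16, then major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def https_location(request: bytes, allowed_hosts, https_port=None):
    """Build the https:// redirect target for a plaintext HTTP request."""
    # Returns None for a malformed request or a Host header outside
    # allowed_hosts (the header is client-supplied, so it is checked first).
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[1].startswith("/"):
        return None
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
    try:
        hostname = urlsplit("//" + host).hostname  # drops any :port suffix
    except ValueError:
        return None
    if hostname not in allowed_hosts:
        return None
    netloc = hostname if https_port in (None, 443) else f"{hostname}:{https_port}"
    return f"https://{netloc}{parts[1]}"


# Constructed samples: start of a TLS ClientHello record and a plain HTTP request.
TLS_SAMPLE = bytes.fromhex("16030100c8010000c40303")
HTTP_SAMPLE = b"GET /admin/login?next=%2Fhome HTTP/1.1\r\nHost: site.com\r\n\r\n"

if __name__ == "__main__":
    print(classify_first_bytes(TLS_SAMPLE), classify_first_bytes(HTTP_SAMPLE))
    print(https_location(HTTP_SAMPLE, {"site.com"}, https_port=8443))
```
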