SSL security authorization?

John J. Lee jjl at pobox.com
Sun Oct 19 10:29:05 EDT 2003


[I posted this yesterday, but it and the original post seem to have
mysteriously vanished, so I'm reposting (in somewhat more terse form).
Seems to have happened several times recently, dunno why...]

Anand Pillai wrote:
> The current HTTPSHandler in urllib2 does not handle
> SSL certificate validation. These are used by websites
> for validation of users, instead of raw HTTP password
> validation, which is supported by HTTPBasicAuthHandler.

Correct.


> How about adding an HTTPSPasswordMgr handler to urllib2
> which does HTTPS authorization by using the SSL certificates? 
> I am not sure of the details of how this is done, but it
> sounds like it will be useful. 
[...]

Agreed.  urllib already does it.  Untested patch below.  I'm not
submitting it to SF because I can't easily test it (setting up local
servers is a bore).  If you can test it yourself, please do submit it.

BTW Anand, if you regularly use proxies, client authentication etc,
could you also check out these doc bugs?

http://www.python.org/sf/798244
http://www.python.org/sf/793553


--- urllib2.py.orig	Sat Oct 18 19:30:15 2003
+++ urllib2.py	Sat Oct 18 19:35:26 2003
@@ -800,12 +800,13 @@
     # XXX Should rewrite do_open() to use the new httplib interface,
     # would would be a little simpler.
 
-    def do_open(self, http_class, req):
+    def do_open(self, req, http_class, key_file=None, cert_file=None):
         host = req.get_host()
         if not host:
             raise URLError('no host given')
 
-        h = http_class(host) # will parse host:port
+        h = http_class(host,  # will parse host:port
+                       key_file=key_file, cert_file=cert_file)
         if req.has_data():
             data = req.get_data()
             h.putrequest('POST', req.get_selector())
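Review bot: in do_open, the new call `http_class(host, key_file=key_file, cert_file=cert_file)` passes both keyword arguments to every http_class, including the plain httplib.HTTP class that HTTPHandler.http_open hands in elsewhere in this patch. Unless that class accepts key_file and cert_file, every ordinary http:// request will fail with a TypeError. Suggest passing the two arguments only when they are set, so the plain-HTTP path keeps calling `http_class(host)`. Separately, swapping the positional order from (http_class, req) to (req, http_class) breaks any outside subclass that still calls do_open the old way; keeping the original order and appending key_file and cert_file after it would avoid that.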
@@ -846,14 +847,24 @@
 class HTTPHandler(AbstractHTTPHandler):
 
     def http_open(self, req):
-        return self.do_open(httplib.HTTP, req)
+        return self.do_open(req, httplib.HTTP)
 
 
 if hasattr(httplib, 'HTTPS'):
     class HTTPSHandler(AbstractHTTPHandler):
 
         def https_open(self, req):
-            return self.do_open(httplib.HTTPS, req)
+            return self.do_open(req, httplib.HTTPS)
+
+    class HTTPSClientAuthHandler(AbstractHTTPHandler):
+
+        def __init__(self, key_file, cert_file):
+            self.key_file = key_file
+            self.cert_file = cert_file
+
+        def https_open(self, req):
+            return self.do_open(req,
+                                httplib.HTTPS, self.key_file, self.cert_file)
 
 
 class UnknownHandler(BaseHandler):
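Review bot: HTTPSClientAuthHandler has no docstring. Nothing says what key_file and cert_file must contain or how the class relates to HTTPSHandler, which defines the same https_open method, so a caller cannot tell which handler serves an https:// request when both are installed in one opener. Suggest documenting that, or folding the optional key_file and cert_file into HTTPSHandler itself so there is a single https_open. Also worth stating in the docs: the handler only forwards the client's key and certificate, and nothing in these lines sets up verification of the server's certificate, so the client credential is offered to whichever peer answers.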



John



