ssl server

Michael Palmer m_palmer45 at yahoo.ca
Wed Sep 17 19:05:51 EDT 2008


On Sep 17, 1:33 pm, Seb <sebastianthegreat... at gmail.com> wrote:
> I'm making an SSL server, but I'm not sure how I can verify the
> clients. What do I actually need to place in _verify to actually
> verify that the client cert is signed by me?
>
> import socket
> try:
>     from socketserver import TCPServer
> except ImportError:                    # Python 2
>     from SocketServer import TCPServer
> from OpenSSL import SSL
>
> class SSLTCPServer(TCPServer):
>     keyFile = "sslcert/server.key"
>     certFile = "sslcert/server.crt"
>     caFile = "sslcert/ca.crt"          # the CA that signs the client certs
>
>     def __init__(self, server_address, RequestHandlerClass):
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.use_privatekey_file(self.keyFile)
>         ctx.use_certificate_file(self.certFile)
>         # Without a trust anchor OpenSSL cannot check the client's
>         # signature chain; _verify would only ever see "unknown issuer".
>         ctx.load_verify_locations(self.caFile)
>         ctx.set_verify(SSL.VERIFY_PEER |
>                        SSL.VERIFY_FAIL_IF_NO_PEER_CERT |
>                        SSL.VERIFY_CLIENT_ONCE,
>                        self._verify)
>         ctx.set_verify_depth(10)
>         ctx.set_session_id('DFS')
>
>         self.server_address = server_address
>         self.RequestHandlerClass = RequestHandlerClass
>         self.socket = socket.socket(self.address_family,
>                                     self.socket_type)
>         self.socket = SSL.Connection(ctx, self.socket)
>         self.socket.bind(self.server_address)
>         self.socket.listen(self.request_queue_size)
>
>     def _verify(self, conn, cert, errno, depth, retcode):
>         # retcode is OpenSSL's own verdict for this cert of the chain
>         # (signature, validity period, trust anchor). Returning True
>         # when it is 0 overrides a failed verification, and an issuer
>         # name alone proves nothing: anyone can self-sign with O=DFS.
>         return (bool(retcode) and not cert.has_expired() and
>                 cert.get_issuer().organizationName == 'DFS')

If I were you, I would just hide behind Apache, nginx or
another server that does SSL. Just have that server proxy locally to
your Python server over HTTP, and firewall the Python server port.
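
The question that goes unanswered above is what actually proves that a client certificate was signed by you. The following is an added example, not code from Seb's post or from Michael's reply, written against the standard-library ssl module rather than pyOpenSSL. The server loads the CA certificate as its trust anchor and requires a client certificate, so OpenSSL verifies the signature chain itself; a second client presenting a self-signed certificate whose issuer also says O=DFS (the only thing the original _verify looked at) is refused at the handshake. Assumptions: the openssl command-line tool is on PATH and is used to mint a throwaway CA, server, client and rogue certificate in a temporary directory; the O=DFS name comes from the post, every other name, path and port here is constructed for the demo.

```python
"""Mutual TLS with the standard-library ssl module (added example).

A trust anchor, not an issuer-name check, is what proves a client cert
was signed by our CA. Certificates are generated with the openssl CLI
(assumed to be on PATH) into a temporary directory; all names below are
constructed for this demo, only O=DFS is taken from the post.
"""
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def _openssl(*args):
    subprocess.run(["openssl", *args], check=True,
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def make_pki(d):
    """Constructed test PKI: a CA, CA-signed server and client certs, and
    a rogue self-signed cert that merely copies the CA's O= name."""
    p = lambda n: os.path.join(d, n)
    _openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
             "-subj", "/O=DFS/CN=DFS Root", "-keyout", p("ca.key"), "-out", p("ca.crt"))
    for name in ("server", "client"):
        _openssl("req", "-newkey", "rsa:2048", "-nodes", "-subj", "/O=DFS/CN=" + name,
                 "-keyout", p(name + ".key"), "-out", p(name + ".csr"))
        _openssl("x509", "-req", "-in", p(name + ".csr"), "-CA", p("ca.crt"),
                 "-CAkey", p("ca.key"), "-CAcreateserial", "-days", "1",
                 "-out", p(name + ".crt"))
    # Rogue: self-signed, issuer O=DFS. Anyone on the internet can mint this.
    _openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
             "-subj", "/O=DFS/CN=rogue", "-keyout", p("rogue.key"), "-out", p("rogue.crt"))


def server_context(d):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(os.path.join(d, "server.crt"), os.path.join(d, "server.key"))
    # Trust anchor: only client certs whose chain ends at ca.crt are accepted.
    ctx.load_verify_locations(cafile=os.path.join(d, "ca.crt"))
    # Equivalent of VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT in pyOpenSSL.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def try_handshake(d, client_name):
    """Run one mutual-TLS handshake on localhost. Returns the verified
    client CN, or None if the server refused the client certificate."""
    result = {}
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)
    port = lsock.getsockname()[1]

    def serve():
        conn, _ = lsock.accept()
        lsock.close()
        try:
            with server_context(d).wrap_socket(conn, server_side=True) as tls:
                # Only reachable after OpenSSL verified the chain; application
                # checks such as a CN allowlist belong here, on top of that.
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                result["cn"] = subject["commonName"]
        except OSError:          # ssl.SSLError is an OSError: handshake refused
            result["cn"] = None

    t = threading.Thread(target=serve)
    t.start()
    cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cctx.check_hostname = False  # demo server cert has no SAN; chain is still verified
    cctx.load_verify_locations(cafile=os.path.join(d, "ca.crt"))
    cctx.load_cert_chain(os.path.join(d, client_name + ".crt"),
                         os.path.join(d, client_name + ".key"))
    try:
        with cctx.wrap_socket(socket.create_connection(("127.0.0.1", port))) as tls:
            tls.recv(1)          # block until the server finishes or aborts the handshake
    except OSError:
        pass
    t.join()
    return result.get("cn")


def demo():
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        return {"client": try_handshake(d, "client"),
                "rogue": try_handshake(d, "rogue")}


if __name__ == "__main__":
    print(demo())   # {'client': 'client', 'rogue': None}
```

The stdlib module has no per-certificate callback; getpeercert() is simply unavailable until the chain has verified, which is the same discipline the pyOpenSSL callback needs to keep by honouring its ok argument. Anything beyond chain validity (which CNs are allowed, revocation) is an extra check layered on top, never a replacement for it.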


