https client certificate validation

Discussion in 'Python' started by Yogesh Chawla - PD, Oct 24, 2006.

  1. Hello All,
    I work for the State of Wisconsin and we are trying to
    build a reference implementation using python. Our
    goals are these:

    1) establish an HTTPS connection between our client
    and ourselves

    2) exchange client and server certificates to perform
    mutual authentication

    We only need to write the client in python. The
    client should check the server certificate, verify
    that the date range and common name are valid. Then
    it should confirm that the server certificate is valid
    according to a Certificate Revocation List.

    After writing a basic script using HTTPSConnection, I
    found this in the docs:

    Warning: This does not do any certificate
    verification!

    I then tried to do the same using twisted, m2crypto
    and a few other projects.

    I am really hitting a wall here. Can anyone point me
    in the right direction? I have a client cert, private
    key and url I am trying to hit. How can I fulfill the
    requirements I have above using python? I have done
    most of this in Java, but we would prefer a python
    implementation to distribute.

    Thanks,
    Yogesh Chawla
    Yogesh Chawla - PD, Oct 24, 2006
    #1

  2. Yogesh Chawla - PD wrote:
    > After writing a basic script using HTTPSConnection, I
    > found this in the docs:
    >
    > Warning: This does not do any certificate
    > verification!


    Right, for production you almost certainly need to use some 3rd
    party SSL library, of which there are several.

    > I then tried to do the same using twisted, m2crypto
    > and a few other projects.


    M2Crypto does support client certificate validation, so I am a bit at a
    loss what problem you are facing. There is even a unit test that does
    mutual authentication:
    http://lxr.osafoundation.org/m2crypto/source/tests/test_ssl.py#478

    --
    Heikki Toivonen
    Heikki Toivonen, Oct 25, 2006
    #2
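
An added example, not part of either post and not M2Crypto code: a client covering the checks listed in the question (chain, validity dates, common name/hostname, CRL, client certificate) with the standard-library `ssl` module of current Python 3, which postdates this thread. The function names, the file-path parameters and the `VERIFY_FAILURES` table are assumptions made for illustration.

```python
import http.client
import ssl

# OpenSSL X509_V_ERR_* codes for the checks the question lists.
VERIFY_FAILURES = {
    3: "no CRL available for the issuer",
    9: "certificate not yet valid",
    10: "certificate expired",
    12: "CRL expired",
    23: "certificate revoked",
    62: "hostname mismatch",
}


def build_client_context(ca_file=None, crl_file=None,
                         client_cert=None, client_key=None):
    """TLS client context: chain, validity dates, hostname and CRL checked."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and check_hostname.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()
    # Require a CRL for the server (leaf) certificate. With no CRL loaded
    # the handshake fails (code 3), so revocation checking fails closed.
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    if crl_file:
        ctx.load_verify_locations(cafile=crl_file)  # PEM-encoded CRL
    if client_cert:
        # Client certificate and key presented for mutual authentication.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def fetch(host, path, ctx, port=443):
    """GET path over verified TLS; return (status, body) or raise ValueError."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    except ssl.SSLCertVerificationError as exc:
        reason = VERIFY_FAILURES.get(exc.verify_code, exc.verify_message)
        raise ValueError(f"server certificate rejected: {reason}") from exc
    finally:
        conn.close()
```

The CRL file has to be refreshed from the issuing CA on its own schedule; an expired CRL also fails the handshake (code 12).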