https client certificate validation

[Yogesh Chawla - PD]

Hello All,
I work for the State of Wisconsin and we are trying to
build a reference implementation using python. Our
goals are this:

1) establish an HTTPS connection between our client
and ourselves

2) exchange client and server certificates to perform
mutual authentication

We only need to write the client in python. The
client should check the server certificate, verify
that the date range and common name are valid. Then
it should confirm that the server certificate is valid
according to a Certificate Revocation List.

After writing a basic script using HTTPSConnection, I
found this in the docs:

Warning: This does not do any certificate
verification!

I then tried to do the same using twisted, m2crypto
and a few other projects.

I am really hitting a wall here. Can anyone point me
in the right direction? I have a client cert, private
key and url I am trying to hit. How can I fulfill the
requirements I have above using python? I have done
most of this in Java, but we would prefer a python
implementation to distribute.

Thanks,
Yogesh Chawla

 

[Heikki Toivonen]

After writing a basic script using HTTPSConnection, I
found this in the docs:

Warning: This does not do any certificate
verification!

Right, for production you use almost certainly need to use some 3rd
party SSL library, of which there are several.

I then tried to do the same using twisted, m2crypto
and a few other projects.

M2Crypto does support client certificate validation, so I am a bit at a
loss what problem you are facing. There is even a unit test that does
mutual authentication:
http://lxr.osafoundation.org/m2crypto/source/tests/test_ssl.py#478