473,549 Members | 2,628 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

https client certificate validation

Hello All,
I work for the State of Wisconsin and we are trying to
build a reference implementation using python. Our
goals are this:

1) establish an HTTPS connection between our client
and ourselves

2) exchange client and server certificates to perform
mutual authentication

We only need to write the client in python. The
client should check the server certificate, verify
that the date range and common name are valid. Then
it should confirm that the server certificate is valid
according to a Certificate Revocation List.

After writing a basic script using HTTPSConnection , I
found this in the docs:

Warning: This does not do any certificate
verification!

I then tried to do the same using twisted, m2crypto
and a few other projects.

I am really hitting a wall here. Can anyone point me
in the right direction? I have a client cert, private
key and url I am trying to hit. How can I fulfill the
requirements I have above using python? I have done
most of this in Java, but we would prefer a python
implementation to distribute.

Thanks,
Yogesh Chawla
Oct 24 '06 #1
1 3420
Yogesh Chawla - PD wrote:
After writing a basic script using HTTPSConnection , I
found this in the docs:

Warning: This does not do any certificate
verification!
Right, for production you use almost certainly need to use some 3rd
party SSL library, of which there are several.
I then tried to do the same using twisted, m2crypto
and a few other projects.
M2Crypto does support client certificate validation, so I am a bit at a
loss what problem you are facing. There is even a unit test that does
mutual authentication:
http://lxr.osafoundation.org/m2crypt...est_ssl.py#478

--
Heikki Toivonen
Oct 25 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
8826
by: Aung | last post by:
Has anybody develop RFC1950 and RFC1951 compliant Zip utility? Any pointer will be appreciated.
0
4542
by: Ira Lee | last post by:
Hi. I'm having a bit of trouble using a Perl script that will login to a secure website... and then access subsequent pages with a cookie. This works when accessing manually via the browser (Konqueror) which then accepts the cookie and allows me to login to subsequent pages with the valid cookie. It appears that the HTTP/SSLeay installation...
5
13647
by: John Xu | last post by:
I have a question regarding https and SSL between two web sites. I am not quit understand how asp application can handle https, encryption and SSL. Here is scenario: An asp application on my web site requires to get form data from web client and to convert the data with XML format and send the data to another web site which only accepts...
2
2887
by: MarkAurit | last post by:
I have a web service Im using on a machine via http in a dmz that works file. Im now attempting to use it in a second server, this one using https. When I attempt to add the Web Reference in vs.net 1.1, I get the following message: ***************************************** There was an error downloading 'https://<dns...
0
10700
by: mahesh anasuri | last post by:
Hi all, I am new to this mailing list. Thankful if any one is using curl/linux version to and worked on Https. I have created certificates (PEM format) for client and server using openSSL. I am using Apache server/Linux platform and started server with "server certificate". I configured server to listen HTTPS service at port 443. I...
14
3032
by: david | last post by:
I have developed web forms including login by using ASP.NET via HTTP. Now I want to secure the connection from client to the server via HTTPS. How can I configure the server or something else to make the change? Thank you David
4
2087
by: bkasmai | last post by:
My asp.net application (developed using vs2003) runs fine on a windows 2000 server using iis 5.0. Our network manager wants to do away with any http connections and only use https for services that are used by external users. I have not got a clue how to go about this. My users are authenticated directly by querying a sql table where the user...
1
11751
by: Jens Mander | last post by:
Hi and sorry for the heavy crossposting (fu2 mpdf)! As you might have gotten out of the subject line, my application tries to consume a webservice that's being connected to via https. This works fine when I use a windows forms app. Trying the same from within an asp.net app fails. As far as I can tell this is due to the lack of an installed...
0
2851
by: NoaGross | last post by:
Hi, I'm relly new in java and I have a problem. I'm using java applet. When using http all ok, but when trying to use https i get: Java Plug-in 1.5.0_10 Using JRE version 1.5.0_10 Java HotSpot(TM) Client VM User home directory = C:\Documents and Settings\noa ---------------------------------------------------- c: clear console window
0
7532
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7730
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
7823
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6055
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
0
5101
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3509
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3491
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1956
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
0
776
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.