By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,288 Members | 3,027 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,288 IT Pros & Developers. It's quick & easy.

https client certificate validation

P: n/a
Hello All,
I work for the State of Wisconsin and we are trying to
build a reference implementation using python. Our
goals are this:

1) establish an HTTPS connection between our client
and ourselves

2) exchange client and server certificates to perform
mutual authentication

We only need to write the client in python. The
client should check the server certificate, verify
that the date range and common name are valid. Then
it should confirm that the server certificate is valid
according to a Certificate Revocation List.

After writing a basic script using HTTPSConnection, I
found this in the docs:

Warning: This does not do any certificate
verification!

I then tried to do the same using twisted, m2crypto
and a few other projects.

I am really hitting a wall here. Can anyone point me
in the right direction? I have a client cert, private
key and url I am trying to hit. How can I fulfill the
requirements I have above using python? I have done
most of this in Java, but we would prefer a python
implementation to distribute.

Thanks,
Yogesh Chawla
Oct 24 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Yogesh Chawla - PD wrote:
After writing a basic script using HTTPSConnection, I
found this in the docs:

Warning: This does not do any certificate
verification!
Right, for production you use almost certainly need to use some 3rd
party SSL library, of which there are several.
I then tried to do the same using twisted, m2crypto
and a few other projects.
M2Crypto does support client certificate validation, so I am a bit at a
loss what problem you are facing. There is even a unit test that does
mutual authentication:
http://lxr.osafoundation.org/m2crypt...est_ssl.py#478

--
Heikki Toivonen
Oct 25 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.