I'm making a ssl server, but I'm not sure how I can verify the
clients. What do I actually need to place in _verify to actually
verify that the client cert is signed by me?

    import socket
    from socketserver import TCPServer  # SocketServer on Python 2

    from OpenSSL import SSL  # pyOpenSSL


    class SSLTCPServer(TCPServer):
        keyFile = "sslcert/server.key"
        certFile = "sslcert/server.crt"

        def __init__(self, server_address, RequestHandlerClass):
            ctx = SSL.Context(SSL.SSLv23_METHOD)
            ctx.use_privatekey_file(self.keyFile)
            ctx.use_certificate_file(self.certFile)
            # Require a client certificate; self._verify is called for
            # each certificate in the client's chain.
            ctx.set_verify(SSL.VERIFY_PEER |
                           SSL.VERIFY_FAIL_IF_NO_PEER_CERT |
                           SSL.VERIFY_CLIENT_ONCE,
                           self._verify)
            ctx.set_verify_depth(10)
            ctx.set_session_id(b'DFS')  # pyOpenSSL expects bytes here

            self.server_address = server_address
            self.RequestHandlerClass = RequestHandlerClass
            self.socket = socket.socket(self.address_family,
                                        self.socket_type)
            # Wrap the listening socket so accepted connections speak SSL.
            self.socket = SSL.Connection(ctx, self.socket)
            self.socket.bind(self.server_address)
            self.socket.listen(self.request_queue_size)

        def _verify(self, conn, cert, errno, depth, retcode):
            # The check being asked about: expiry and issuer organization.
            return (not cert.has_expired() and
                    cert.get_issuer().organizationName == 'DFS')

On 17 Sep, 19:33, Seb <sebastianthegreat...@gmail.com> wrote:
> I'm making a ssl server, but I'm not sure how I can verify the
> clients. What do I actually need to place in _verify to actually
> verify that the client cert is signed by me?
>
> class SSLTCPServer(TCPServer):
>     keyFile = "sslcert/server.key"
>     certFile = "sslcert/server.crt"
>     def __init__(self, server_address, RequestHandlerClass):
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.use_privatekey_file(self.keyFile)
>         ctx.use_certificate_file(self.certFile)
>         ctx.set_verify(SSL.VERIFY_PEER |
>             SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE,
>             self._verify)
>         ctx.set_verify_depth(10)
>         ctx.set_session_id('DFS')
>
>         self.server_address = server_address
>         self.RequestHandlerClass = RequestHandlerClass
>         self.socket = socket.socket(self.address_family,
>             self.socket_type)
>         self.socket = SSL.Connection(ctx,self.socket)
>         self.socket.bind(self.server_address)
>         self.socket.listen(self.request_queue_size)
>
>     def _verify(self, conn, cert, errno, depth, retcode):
>         return not cert.has_expired() and cert.get_issuer().organizationName == 'DFS'

What library are you using? PyOpenSSL?
In that case I think you'll have more luck by posting on their mailing
list.
--- Giampaolo http://code.google.com/p/pyftpdlib/

On Sep 17, 1:33 pm, Seb <sebastianthegreat...@gmail.com> wrote:
> I'm making a ssl server, but I'm not sure how I can verify the
> clients. What do I actually need to place in _verify to actually
> verify that the client cert is signed by me?
>
> class SSLTCPServer(TCPServer):
>     keyFile = "sslcert/server.key"
>     certFile = "sslcert/server.crt"
>     def __init__(self, server_address, RequestHandlerClass):
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.use_privatekey_file(self.keyFile)
>         ctx.use_certificate_file(self.certFile)
>         ctx.set_verify(SSL.VERIFY_PEER |
>             SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE,
>             self._verify)
>         ctx.set_verify_depth(10)
>         ctx.set_session_id('DFS')
>
>         self.server_address = server_address
>         self.RequestHandlerClass = RequestHandlerClass
>         self.socket = socket.socket(self.address_family,
>             self.socket_type)
>         self.socket = SSL.Connection(ctx, self.socket)
>         self.socket.bind(self.server_address)
>         self.socket.listen(self.request_queue_size)
>
>     def _verify(self, conn, cert, errno, depth, retcode):
>         return not cert.has_expired() and cert.get_issuer().organizationName == 'DFS'

If I were you, I would just hide behind apache, nginx or
another server that does ssl. Just have that server proxy locally to
your python server over http, and firewall the python server port.

On Sep 17, 10:53 pm, "Giampaolo Rodola'" <gne...@gmail.com> wrote:
> On 17 Sep, 19:33, Seb <sebastianthegreat...@gmail.com> wrote:
> > I'm making a ssl server, but I'm not sure how I can verify the
> > clients. What do I actually need to place in _verify to actually
> > verify that the client cert is signed by me?
> >
> > class SSLTCPServer(TCPServer):
> >     keyFile = "sslcert/server.key"
> >     certFile = "sslcert/server.crt"
> >     def __init__(self, server_address, RequestHandlerClass):
> >         ctx = SSL.Context(SSL.SSLv23_METHOD)
> >         ctx.use_privatekey_file(self.keyFile)
> >         ctx.use_certificate_file(self.certFile)
> >         ctx.set_verify(SSL.VERIFY_PEER |
> >             SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE,
> >             self._verify)
> >         ctx.set_verify_depth(10)
> >         ctx.set_session_id('DFS')
> >
> >         self.server_address = server_address
> >         self.RequestHandlerClass = RequestHandlerClass
> >         self.socket = socket.socket(self.address_family,
> >             self.socket_type)
> >         self.socket = SSL.Connection(ctx, self.socket)
> >         self.socket.bind(self.server_address)
> >         self.socket.listen(self.request_queue_size)
> >
> >     def _verify(self, conn, cert, errno, depth, retcode):
> >         return not cert.has_expired() and cert.get_issuer().organizationName == 'DFS'
>
> What library are you using? PyOpenSSL?
> In that case I think you'll have more luck by posting on their mailing
> list.

Thanks, I did that and it worked.

On Sep 17, 7:33 pm, Seb <sebastianthegreat...@gmail.com> wrote:
> I'm making a ssl server, but I'm not sure how I can verify the
> clients. What do I actually need to place in _verify to actually
> verify that the client cert is signed by me?
>
> class SSLTCPServer(TCPServer):
>     keyFile = "sslcert/server.key"
>     certFile = "sslcert/server.crt"
>     def __init__(self, server_address, RequestHandlerClass):
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.use_privatekey_file(self.keyFile)
>         ctx.use_certificate_file(self.certFile)
>         ctx.set_verify(SSL.VERIFY_PEER |
>             SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE,
>             self._verify)
>         ctx.set_verify_depth(10)
>         ctx.set_session_id('DFS')
>
>         self.server_address = server_address
>         self.RequestHandlerClass = RequestHandlerClass
>         self.socket = socket.socket(self.address_family,
>             self.socket_type)
>         self.socket = SSL.Connection(ctx,self.socket)
>         self.socket.bind(self.server_address)
>         self.socket.listen(self.request_queue_size)
>
>     def _verify(self, conn, cert, errno, depth, retcode):
>         return not cert.has_expired() and cert.get_issuer().organizationName == 'DFS'

Simply return retcode and it will work... assuming you have the certs
setup properly.
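
Added example, not part of the thread: it contrasts the question's callback with the "return retcode" version from the last reply, using constructed stand-in certificates so it runs without pyOpenSSL. The names verify_original, verify_fixed, make_context, FakeCert and the path "sslcert/ca.crt" are assumptions made for illustration.

```python
# Added example, not code from the thread. FakeCert and SAMPLES are constructed
# stand-ins; "sslcert/ca.crt" is a hypothetical path to your CA certificate.
from collections import namedtuple

def verify_original(conn, cert, errno, depth, retcode):
    # The question's callback: OpenSSL's verdict (retcode) is never consulted.
    return (not cert.has_expired() and
            cert.get_issuer().organizationName == 'DFS')

def verify_fixed(conn, cert, errno, depth, retcode):
    # retcode is OpenSSL's result for this certificate (signature chain up to
    # a loaded CA, validity dates). Returning it keeps that verdict.
    return bool(retcode)

def make_context(key_file, cert_file, ca_file="sslcert/ca.crt"):
    from OpenSSL import SSL  # pyOpenSSL; lazy import so the demo runs without it
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.use_privatekey_file(key_file)
    ctx.use_certificate_file(cert_file)
    ctx.load_verify_locations(ca_file)  # trust only the CA that signs clients
    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
                   verify_fixed)
    return ctx

Issuer = namedtuple("Issuer", "organizationName")

class FakeCert:
    """Constructed stand-in exposing the two X509 methods the callbacks use."""
    def __init__(self, org, expired=False):
        self.org, self.expired = org, expired
    def has_expired(self):
        return self.expired
    def get_issuer(self):
        return Issuer(self.org)

# Constructed callback invocations: (cert, errno, depth, retcode).
# errno 18 is X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT.
SAMPLES = {
    "signed by our CA": (FakeCert("DFS"), 0, 0, 1),
    "self-signed, issuer O=DFS": (FakeCert("DFS"), 18, 0, 0),
}

def decide(callback):
    return {name: bool(callback(None, *args)) for name, args in SAMPLES.items()}

if __name__ == "__main__":
    print("original:", decide(verify_original))
    print("fixed:   ", decide(verify_fixed))
```

The issuer organization is a text field anyone can put in a certificate they generate, so a callback that checks only that field accepts certificates your CA never signed; the signature check lives in the value OpenSSL passes as retcode.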