
How to validate the SSL server certificate in twisted SSL client

How do I validate the SSL server certificates in my twisted SSL client?

I am very much a beginner to SSL. I have gone through the Twisted SSL tutorials, but I am still unclear about some things.

My queries are:

  • How should I validate the SSL server certificate using the twisted.internet.ssl module?

  • How is the ssl.ClientContextFactory.getContext method useful while dealing with SSL?

  • How can I tell the Twisted SSL client about the location of the public key file?

Since Twisted 14.0, optionsForClientTLS is the best way to do this:

from twisted.internet import reactor
from twisted.internet.ssl import optionsForClientTLS
from twisted.internet.endpoints import SSL4ClientEndpoint

# hostname is the name the server certificate must be issued for;
# chain validation and hostname matching happen during the handshake
ctx = optionsForClientTLS(hostname=u"example.com")
endpoint = SSL4ClientEndpoint(reactor, host, port, ctx)
factory = ...  # your ClientFactory / protocol factory
d = endpoint.connect(factory)  # fires with the connected protocol, or errbacks on a TLS failure
...

optionsForClientTLS takes other (optional) arguments as well which may also be useful.

Prior to Twisted 14.0, the process was a bit more involved:

After the connection is established and the SSL handshake has completed successfully (which means the certificate is currently valid based on its notBefore and notAfter values and that it is signed by a certificate authority certificate which you have indicated is trusted) you can get the certificate from the transport:

certificate = self.transport.getPeerCertificate()

The certificate is represented as a pyOpenSSL X509 instance. It has a method you can use to retrieve the certificate's subject name:

subject_name = certificate.get_subject()

The subject name is a distinguished name, represented as a pyOpenSSL X509Name instance. You can inspect its fields:

common_name = subject_name.commonName

This is a string, for example "example.com" .

If you need to inspect the subjectAltName instead (which it's likely you do), then you can find this information in the extensions of the certificate:

extensions = certificate.get_extensions()

This is a list of pyOpenSSL X509Extension instances. You'll have to parse each one to find the subjectAltName and its value.
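The answer ends by saying you have to parse each extension yourself to find the subjectAltName. The following is an added example, not code from the answer above and not part of Twisted or pyOpenSSL. It pulls the DNS names out of the subjectAltName extension, compares them against the hostname the client meant to reach (case-insensitive, with a wildcard allowed only as the whole leftmost label), and falls back to the subject commonName only when the certificate has no dNSName at all. It assumes pyOpenSSL-style objects (an `X509` with `get_subject()` and `get_extensions()`, an `X509Extension` whose `str()` is the OpenSSL text form such as `DNS:example.com, DNS:*.example.com`); the `_Fake*` classes, `SAMPLE_CERT`, `san_dns_names`, `hostname_matches`, `verify_peer_certificate` and `make_verifying_protocol` are names chosen for this example so it runs offline. The Twisted protocol at the end is built lazily and uses Twisted's `IHandshakeListener` so the check runs only once the handshake has completed.

```python
"""Added example: hostname check against a pyOpenSSL-style peer certificate."""


def san_dns_names(certificate):
    """Return the dNSName entries of the subjectAltName extension, or []."""
    names = []
    for ext in certificate.get_extensions():
        short = ext.get_short_name()  # pyOpenSSL returns bytes here
        if isinstance(short, bytes):
            short = short.decode("ascii")
        if short != "subjectAltName":
            continue
        # Text form looks like "DNS:a.example, DNS:*.b.example, IP Address:192.0.2.10"
        for entry in str(ext).split(","):
            kind, _, value = entry.strip().partition(":")
            if kind == "DNS" and value:
                names.append(value.strip())
    return names


def hostname_matches(hostname, pattern):
    """RFC 6125-style match: case-insensitive; a wildcard may only be the
    entire leftmost label, must leave at least two literal labels, and never
    matches across a dot (so "*.example.com" does not match "a.b.example.com")."""
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if "*" not in pattern:
        return hostname == pattern
    labels = pattern.split(".")
    host_labels = hostname.split(".")
    if labels[0] != "*" or len(labels) < 3 or "*" in pattern[2:]:
        return False
    return len(host_labels) == len(labels) and host_labels[1:] == labels[1:]


def verify_peer_certificate(certificate, expected_hostname):
    """Return (ok, reason). Prefer subjectAltName dNSNames; use the subject
    commonName only when the certificate carries no dNSName at all."""
    names = san_dns_names(certificate)
    source = "subjectAltName"
    if not names:
        cn = certificate.get_subject().commonName
        names = [cn] if cn else []
        source = "commonName"
    for name in names:
        if hostname_matches(expected_hostname, name):
            return True, "%s matched %s in %s" % (expected_hostname, name, source)
    return False, "%s not found in %s %r" % (expected_hostname, source, names)


# Constructed stand-ins so the module runs without a live TLS connection.
class _FakeExtension:
    def __init__(self, short_name, text):
        self._short_name, self._text = short_name, text

    def get_short_name(self):
        return self._short_name.encode("ascii")

    def __str__(self):
        return self._text


class _FakeSubject:
    def __init__(self, cn):
        self.commonName = cn


class _FakeCertificate:
    def __init__(self, cn, extensions):
        self._subject, self._extensions = _FakeSubject(cn), extensions

    def get_subject(self):
        return self._subject

    def get_extensions(self):
        return self._extensions


SAMPLE_CERT = _FakeCertificate("example.com", [
    _FakeExtension("basicConstraints", "CA:FALSE"),
    _FakeExtension("subjectAltName",
                   "DNS:example.com, DNS:*.example.com, IP Address:192.0.2.10"),
])
CN_ONLY_CERT = _FakeCertificate("example.com", [])  # legacy cert without SAN


def make_verifying_protocol(expected_hostname, on_result):
    """Build a Twisted Protocol that verifies the peer after the TLS handshake.
    Twisted is imported lazily so the pure checks above work without it."""
    from zope.interface import implementer
    from twisted.internet import protocol
    from twisted.internet.interfaces import IHandshakeListener

    @implementer(IHandshakeListener)
    class VerifyingProtocol(protocol.Protocol):
        def handshakeCompleted(self):
            # Only now has OpenSSL checked the chain, so getPeerCertificate()
            # returns the X509; in connectionMade() it may still be None.
            ok, reason = verify_peer_certificate(
                self.transport.getPeerCertificate(), expected_hostname)
            on_result(ok, reason)
            if not ok:
                self.transport.loseConnection()

    return VerifyingProtocol


if __name__ == "__main__":
    for host in ("www.example.com", "a.b.example.com", "evil.example"):
        print(host, verify_peer_certificate(SAMPLE_CERT, host))
```

With the post-14.0 `optionsForClientTLS(hostname=...)` path, Twisted already performs this hostname check for you during the handshake and the connection never reaches `handshakeCompleted` if it fails; the explicit check above is what the pre-14.0 recipe in the answer needs, and it is still useful for logging which name actually matched. Note the order of checks: a certificate with any dNSName in its subjectAltName is judged on those names only, so a matching commonName does not rescue it.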
