Calling a REST api with an encrypted PEM client certificate

Question

I have got an encrypted client certificate and an encrypted key as PEM files and want to authenticate at a web site and to acquire a page (via GET) using a python script. I already managed to do so using curl in the shell. So I tried to call curl from the python script but I cannot use subprocess.Popen to send the password via stdin as the password is not read via stdin by curl (similar to ssh). I would be even happier if there is a way to use the python standard libs to decode an encrypted certificate and use it to access the web site.

I found several proposals for solving similar problems but non of them met all of my requirements:

• I do not want to save the unencrypted certificate anywhere.
• The user should only provide their passphrase once and subsequently several requests should be made.
• It must work with python 2.7.3, preferably even with python 2.6

Answer 1

I managed to find a solution using pycurl:

import pycurl
from StringIO import StringIO
buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, MYURL)
c.setopt(c.WRITEFUNCTION, buffer.write)
c.setopt(c.SSLCERT, 'clientcert.pem')
c.setopt(c.SSLCERTPASSWD, passphrase)
c.setopt(c.SSLKEY, 'clientkey.pem')
c.perform()
c.close()
print buffer.getvalue()