On Sep 17, 1:33 pm, Seb <[EMAIL PROTECTED]> wrote:
> I'm making an SSL server, but I'm not sure how I can verify the
> clients. What do I actually need to place in _verify to actually
> verify that the client cert is signed by me?
>
> import socket
> from SocketServer import TCPServer
> from OpenSSL import SSL
>
> class SSLTCPServer(TCPServer):
>     keyFile = "sslcert/server.key"
>     certFile = "sslcert/server.crt"
>
>     def __init__(self, server_address, RequestHandlerClass):
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.use_privatekey_file(self.keyFile)
>         ctx.use_certificate_file(self.certFile)
>         ctx.set_verify(SSL.VERIFY_PEER |
>                        SSL.VERIFY_FAIL_IF_NO_PEER_CERT |
>                        SSL.VERIFY_CLIENT_ONCE,
>                        self._verify)
>         ctx.set_verify_depth(10)
>         ctx.set_session_id('DFS')
>
>         self.server_address = server_address
>         self.RequestHandlerClass = RequestHandlerClass
>         self.socket = socket.socket(self.address_family,
>                                     self.socket_type)
>         self.socket = SSL.Connection(ctx, self.socket)
>         self.socket.bind(self.server_address)
>         self.socket.listen(self.request_queue_size)
>
>     def _verify(self, conn, cert, errno, depth, retcode):
>         return (not cert.has_expired() and
>                 cert.get_issuer().organizationName == 'DFS')
If I were you, I would just hide behind apache, nginx or another server that does ssl. Just have that server proxy locally to your python server over http, and firewall the python server port.

--
http://mail.python.org/mailman/listinfo/python-list
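For anyone who does want the pyOpenSSL route from the original question rather than a reverse proxy, the added example below (not code from either poster) shows what the set_verify callback has to do: the fifth argument is OpenSSL's own verdict for the certificate at that depth, which is only meaningful once the server's CA certificate has been loaded as a trust anchor with load_verify_locations; checking the issuer's organizationName alone proves nothing about the signature. The CA file path and the "DFS" organization name are assumptions taken from the post's layout.

```python
# Organization name our private CA puts in the certificates it issues
# (assumed, mirroring the 'DFS' check in the original post).
EXPECTED_ISSUER_ORG = "DFS"


def verify_client(conn, cert, errnum, depth, ok):
    """pyOpenSSL set_verify() callback.

    OpenSSL calls this once per certificate in the client's chain, from
    the CA (highest depth) down to the client leaf (depth 0).  `ok` is
    OpenSSL's verdict for that certificate: its signature chains to a CA
    loaded via load_verify_locations(), it is within its validity period,
    and the chain is within set_verify_depth().  Returning a truthy value
    when ok is false overrides a failed signature check, so that verdict
    is honoured before any local policy is applied.
    """
    if not ok:
        # errnum is the X509_V_ERR_* code; worth logging for triage.
        print("client cert rejected at depth %d: OpenSSL error %d"
              % (depth, errnum))
        return False
    if cert.has_expired():
        return False
    if depth == 0:
        # Leaf certificate: the issuer-organization check from the post,
        # kept only as an extra policy rule on top of the chain result.
        if cert.get_issuer().organizationName != EXPECTED_ISSUER_ORG:
            return False
    return True


def build_server_context(key_file, cert_file, ca_file):
    """Build a context that verifies client certs against our own CA.

    Needs pyOpenSSL; imported here so the policy above is testable alone.
    """
    from OpenSSL import SSL
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.use_privatekey_file(key_file)
    ctx.use_certificate_file(cert_file)
    # Without a trust store OpenSSL has nothing to chain client certs to
    # and the callback sees ok=False for every connection.
    ctx.load_verify_locations(ca_file)
    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT
                   | SSL.VERIFY_CLIENT_ONCE, verify_client)
    # Level 0 is the client leaf, level 1 our CA: nothing deeper allowed.
    ctx.set_verify_depth(1)
    return ctx
```

Call build_server_context("sslcert/server.key", "sslcert/server.crt", "sslcert/ca.crt") in place of the hand-built ctx from the post; the resulting context can be wrapped around the listening socket exactly as before.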