Hi Martin,
Thanks a lot for your reply.
It helped me to find the correct solution.
Unfortunaltely xmlrpclib.ServerProxy does not allow a host tuple, but
just a uri.
So the simplest solution, that I found is to create a custom transport
import xmlrpclib
class SafeTransportWithCert(xmlrpclib.SafeTransport):
__cert_file = DFLT_CERTFILE
__key_file = DFLT_KEYFILE
def make_connection(self,host):
host_with_cert = (host, {
'key_file' : self.__key_file,
'cert_file' : self.__cert_file
} )
return \
xmlrpclib.SafeTransport.make_connection(
self,host_with_cert)
transport = SafeTransportWithCert()
server = xmlrpclib.ServerProxy(server_url,
transport = transport)
rslt = server.mymethod(args)
Perfect.
Now the server can ensure, that only certified clients connect.
My next task is how to find out at the client side, that the server
certificate is a properly signed one.
bye
N
Martin v. Loewis wrote:
>> I can do xmlrpc over ssl WITHOUT certificates with following code:
>>
>> import xmlrpclib
>> server_url = 'https://myserver'
>> server = xmlrpclib.Server(server_url);
>>
>>
>> and I can perform a https get request WITH certificates with below snippet:
>>
>> import httplib
>> conn = httplib.HTTPSConnection(
>> HOSTNAME,
>> key_file = KEYFILE,
>> cert_file = CERTFILE
>> )
>> conn.putrequest('GET', '/')
>> conn.endheaders()
>> response = conn.getresponse()
>> print response.read()
>>
>>
>> I'm just lost of how to 'combine' both.
>
> In this case, read through the source of xmlrpclib:
>
> a) SafeTransport receives x509 parameters from get_host_info
> b) get_host_info supports a case where host is a tuple host, x509
>
> So, without testing:
>
> server = xmlrpclib.Server((server_url, {'key_file': KEYFILE,
> 'cert_file': CERTFILE}))
>
> Please do read the code before trying this out.
>
> HTH,
> Martin
--
http://mail.python.org/mailman/listinfo/python-list
