On 12:44 pm, a...@roiban.ro wrote: >On 13 June 2012 14:15, <exar...@twistedmatrix.com> wrote: >>On 10:39 am, a...@roiban.ro wrote: >>>Hi, >>> >>>I work at an experimental FTPS implementation for >>>twisted.protocol.ftp >>> >>>I use the following code for checking that the transport has TLS >>>started and to get the client certificate for certificate based >>>authentication: >>> >>> @property >>> def is_ftps_command_active(self): >>> '''Return `True` if current command connection is using >>>SSL.''' >>> return isinstance(self.transport.socket, SSL.Connection) >> >>Instead, check `ISSLTransport.providedBy(self.transport)`. >>`ISSLTransport` comes from `twisted.internet.interfaces`. > >I can get the peer certificate, but >ISSLTransport.providedBy(self.transport) returns False.
That sounds like a bug in the new TLS implementation, then. :/ Can you file a bug report? Be sure to include how you set up the connection (connectSSL or startTLS or whatever). >I am still new to Twisted. For me the transport looks like it has some >kind sorcery attached since getPeerCertificate is not listed by >dir(self.transport) > >Not sure what I got here :) Yea. There's some method proxying going on. Thanks, Jean-Paul >(Pdb) self.transport.getPeerCertificate() ><X509 object at 0x9fc5af0> >(Pdb) ISSLTransport.providedBy(self.transport) >False >(Pdb) dir(self.transport) >['__doc__', '__getattr__', '__implemented__', '__init__', >'__module__', '__providedBy__', '__provides__', 'connected', >'connectionLost', 'connectionMade', 'dataReceived', 'disconnecting', >'factory', 'getHost', 'getPeer', 'logPrefix', 'loseConnection', >'makeConnection', 'registerProducer', 'stopConsuming', 'transport', >'unregisterProducer', 'wrappedProtocol', 'write', 'writeSequence'] >>> def getPeerCertificate(self): >>> '''Return the peer certificate if remote peer is on a SSL >>>connection >>> and has sent us a certificate. >>> Return `None` otherwise. >>> ''' >>> if not hasattr(self.transport, 'socket'): >>> return None >>> if not self.is_ftps_command_active: >>> return None >>> return self.transport.socket.get_peer_certificate() >> >>Heh. :) Instead, use `transport.getPeerCertificate()`. >>`getPeerCertificate` is a method specified by `ISSLTransport`. > >Thanks! :) > >I was able to get the peer certificate. > >---- > >The full code is here: >https://github.com/chevah/txftps/tree/master/txftps >It uses twisted.internet.tcp.Server for FTP command channel and >TLSMemoryBIOProtocol for data channel. > >Phil, you can take a look at how the context is configured. >The context is defined here: >https://github.com/chevah/txftps/blob/master/txftps/ssl.py > > >-- >Adi Roiban > >_______________________________________________ >Twisted-Python mailing list >Twisted-Python@twistedmatrix.com >http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
