> On Aug 22, 2017, at 9:16 AM, Thomas Hartwich <ceebor...@gmx.de> wrote:
>
> Yes, you're right for sure. As an alternative I tried to instantiate an
> object from twisted.internet._sslverify.OpenSSLCertificateOptions (as it is
> used by PrivateCertificate e.g.):
>
> co = OpenSSLCertificateOptions(privateKey=pkey,certificate=cert_obj)

Please note that importing names with "._" in them is relying on private API :). The public alias for this is `twisted.internet.ssl.CertificateOptions` https://twistedmatrix.com/documents/17.5.0/api/twisted.internet.ssl.CertificateOptions.html

> Despite it provides a SSL-context, it does not work similarly to the
> options() method I tried before from PrivateCertificate().
>
> Can you tell me how I can make use of IOpenSSLServerConnectionCreator to
> create a valid SSL-Context for the TLS server in my case?

You should probably just use CertificateOptions - I still would like to understand why it doesn't work ;-).

https://twistedmatrix.com/documents/17.5.0/api/twisted.internet.interfaces.IOpenSSLServerConnectionCreator.html is documented here; this is just the interface you should implement (rather than subclassing ContextFactory and implementing getContext) if you want to do something totally custom with the OpenSSL API rather than Twisted's API; I'd still rather understand why Twisted's API, i.e. CertificateOptions, doesn't work for you.

-glyph

> Thank you!
>
> Sent: Sunday, 20 August 2017 at 22:36
> From: Glyph <gl...@twistedmatrix.com>
> To: "Twisted general discussion" <twisted-python@twistedmatrix.com>
> Subject: Re: [Twisted-Python] SSLContext not valid for TLS Server
>
> On Aug 20, 2017, at 9:30 AM, Thomas Hartwich <ceebor...@gmx.de> wrote:
> Ok, I finally got a solution for my problem. As I know, the TLS server was
> working with DefaultOpenSSLContextFactory but this only takes file paths to
> private key/certificate, I created my own SSL-Context file.
>
> For anybody who has the same problem:
> Please note that this solution will prevent the use of TLS 1.3 when it is
> available, among other problems.
>
> DefaultOpenSSLContextFactory should be deprecated (I hope someone has the
> time to do it soon), as is the 'getContext' interface that you're using (you
> should be using
> https://twistedmatrix.com/documents/17.5.0/api/twisted.internet.interfaces.IOpenSSLServerConnectionCreator.html
> ) so it would be really good to understand what part of the non-deprecated
> TLS stack is broken for you.
>
> -glyph
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python