On Mon, 12 Jul 2021 at 08:09, Ian Haywood <i...@haywood.id.au> wrote:
> I am trying to work out how to retrieve on the server a X.509
> certificate presented by the HTTPS client. This code tries to tell me
> the transport has no peer certificate.
>
> same error when I use wget as a client so I think my problem is in the
> server code. I'm using self-signed certificates
>
> Any clues as to what I'm doing wrong?
>
> Ian

As commented by Glyph, you will first need to set up one or a list of accepted CAs.

Then set up a custom server-side context.

Add the CA via
https://www.pyopenssl.org/en/stable/api/ssl.html#OpenSSL.SSL.Context.load_verify_locations

This is done via
https://www.pyopenssl.org/en/stable/api/ssl.html#OpenSSL.SSL.Context.set_verify

to define a path or dir or implement a custom one via
https://www.pyopenssl.org/en/stable/api/ssl.html#OpenSSL.SSL.Context.get_cert_store

Without set_verify, during the TLS/SSL handshake the server will not ask the client to send its own certificate.

---------

I am using X509 authentication as a passwordless authentication for automated transfers, similar to the SSH key authentication.

The x509 certificate authentication is used by the Spanish government across many of their services. Taxes, customs, health service ...

--
Adi Roiban
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
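The behaviour described in the reply above, as an added example that is not code from the thread or from Twisted: a pyOpenSSL server context only sees a peer certificate once load_verify_locations and set_verify are configured. It assumes pyOpenSSL is installed, runs the handshake over memory BIOs instead of a Twisted transport, and uses constructed self-signed certificates; the function names and the "client.example" / "server.example" names are hypothetical.

```python
import tempfile
from OpenSSL import SSL, crypto

def make_cert(cn):
    """Constructed self-signed certificate and key, for this demo only."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.set_serial_number(1)
    cert.get_subject().CN = cn
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(key)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.sign(key, "sha256")
    return key, cert

def make_context(key, cert, trusted=None):
    """TLS context; if `trusted` is given, request and verify a peer certificate."""
    ctx = SSL.Context(SSL.TLS_METHOD)
    ctx.use_certificate(cert)
    ctx.use_privatekey(key)
    if trusted is not None:
        with tempfile.NamedTemporaryFile(suffix=".pem") as ca:
            ca.write(crypto.dump_certificate(crypto.FILETYPE_PEM, trusted))
            ca.flush()
            ctx.load_verify_locations(ca.name)  # accepted CA(s), read immediately
        # Without set_verify the server never asks the client for a certificate.
        ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
                       lambda conn, c, errno, depth, ok: bool(ok))
    return ctx

def client_cn_seen_by_server(request_client_cert):
    """In-memory handshake; returns the client CN the server sees, or None."""
    skey, scert = make_cert("server.example")
    ckey, ccert = make_cert("client.example")
    trusted = ccert if request_client_cert else None
    server = SSL.Connection(make_context(skey, scert, trusted), None)
    client = SSL.Connection(make_context(ckey, ccert), None)  # client skips server verification (demo only)
    server.set_accept_state()
    client.set_connect_state()
    for _ in range(6):  # shuttle handshake records between the two memory BIOs
        for src, dst in ((client, server), (server, client)):
            try:
                src.do_handshake()
            except SSL.WantReadError:
                pass
            try:
                dst.bio_write(src.bio_read(65536))
            except SSL.WantReadError:
                pass
    peer = server.get_peer_certificate()
    return peer.get_subject().CN if peer is not None else None
```

In a Twisted server the same context would be returned from a context factory's getContext(); that wiring is not shown here.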