From: Remy C. C. <dev...@sm...> - 2003-07-30 09:28:40

Hi,

For my application, I created a class sslTransport and used this in creating the server object.

    import xmlrpclib

    class sslTransport(xmlrpclib.SafeTransport):
        """Enables ssl transport with client certificates."""

        def __init__(self, x509):
            """Added to enable client SSL certificates."""
            self.x509 = x509

        def make_connection(self, host):
            """Extended to include x509 certificate."""
            return xmlrpclib.SafeTransport.make_connection(self, (host, self.x509))

And the client code:

    x509 = {'key_file': 'client.pkey', 'cert_file': 'client.cert'}
    server = xmlrpclib.ServerProxy('https://host:port', sslTransport(x509))

Regards,
Remy Cool

On Tuesday 29 July 2003 19:54, Yannick Gingras wrote:
> Hi,
> I try to customize the SafeTransport of xmlrpclib to do
> certificate validation (signature and the like). I use your
> SecureXMLRPCServer from the distribution.
>
> It works perfectly if I keep the standard SafeTransport but if I
> try:
>
>     class CustomTransport(SafeTransport):
>         def make_connection(self, host):
>             conn = SafeTransport.make_connection(self, host)
>             addr = (conn._conn.host, conn._conn.port)
>             ctx = SSL.Context(SSL.SSLv23_METHOD)
>             ctx.set_options(SSL.OP_NO_SSLv2)
>             sslConn = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_DGRAM))
>             sslConn.connect(addr)
>             sslConn.set_connect_state()
>             sslConn.renegotiate()
>             sslConn.do_handshake()
>             # must update the socket in conn here
>             print (sslConn.get_peer_certificate())
>             # do the certificate validation here
>             return conn
>
> I receive this trace:
>
>   File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
>     return self.__send(self.__name, args)
>   File "/usr/lib/python2.2/xmlrpclib.py", line 975, in __request
>     verbose=self.__verbose
>   File "/usr/lib/python2.2/xmlrpclib.py", line 833, in request
>     h = self.make_connection(host)
>   File "/home/ygingras/BelugaERP/belugaerp/core/client/SimpleClient.py", line 32, in make_connection
>     sslConn.do_handshake()
> SSL.Error [('SSL routines', 'SSL_clear', 'internal error')]
>
> I'm not an SSL guru so I wonder what I may have done wrong. Is this
> the right way to make an SSL connection with pyOpenSSL? I use
> Python 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I
> tried M2Crypto).
>
> Thanks for your time!
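
Added example, not part of the thread and not pyOpenSSL's own code: the two goals discussed above (presenting a client certificate and validating the server certificate inside `make_connection`) written against Python 3's standard `xmlrpc.client` and `ssl` modules rather than the Python 2 `xmlrpclib` and pyOpenSSL used in the messages. The names `build_context`, `fingerprint_matches` and `PinnedTransport` are hypothetical, and SHA-256 fingerprint pinning is an assumed validation policy.

```python
import hashlib
import hmac
import ssl
import xmlrpc.client


def build_context(cert_file=None, key_file=None, ca_file=None):
    """TLS client context: verify the server, optionally present a client cert."""
    # create_default_context enables CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def fingerprint_matches(der_cert, pinned_sha256_hex):
    """Constant-time comparison of a DER certificate's SHA-256 with a pin."""
    if not der_cert:
        return False
    actual = hashlib.sha256(der_cert).hexdigest()
    expected = pinned_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(actual, expected)


class PinnedTransport(xmlrpc.client.SafeTransport):
    """SafeTransport that also checks the server certificate against a pin."""

    def __init__(self, context, pinned_sha256_hex=None):
        super().__init__(context=context)
        self.pinned = pinned_sha256_hex

    def make_connection(self, host):
        conn = super().make_connection(host)
        # A cached connection that is already open was checked when it connected.
        if self.pinned and conn.sock is None:
            conn.connect()  # TLS handshake; chain and hostname are verified here
            der = conn.sock.getpeercert(binary_form=True)
            if not fingerprint_matches(der, self.pinned):
                self.close()
                raise ssl.SSLError("server certificate does not match pin")
        return conn


# Usage (file names, URL and pin are placeholders):
#   ctx = build_context("client.cert", "client.pkey")
#   server = xmlrpc.client.ServerProxy("https://host:port",
#                                      transport=PinnedTransport(ctx, pin))
```

The pin check runs in addition to the normal chain and hostname verification done by the context, not instead of it.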