[Python-il] xmlrpc over ssl
danken at cs.technion.ac.il
Thu Feb 28 19:26:59 IST 2008
On Tue, Jan 08, 2008 at 09:20:07AM +0200, Dan Kenigsberg wrote:
> On Tue, Jan 08, 2008 at 12:07:41AM +0200, Meir Kriheli wrote:
> > Dan Kenigsberg wrote:
> > >Dear List,
> > >
> > >I saw that creating an XML-RPC client-server system in python is very
> > >simple.
> > >However, when I wanted to see how to do it all over SSL, everything got
> > >complicated. I'd like the server to authenticate the client, and hopefully
> > >vice
> > >versa. What is the recommended way of doing it?
> > Maybe this can help (note the comments regarding a change for python 2.5):
> > http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496786
> Thanks, though it would be nice to understand what's wrong with the pyOpelSSL
> This recipe takes me a bit forward, but still does not help much because it does
> not give a clue on how the client should supply its certificate. (it also does
> not give means of checking the certificate on the server, but I'm guessing that
> this could be changed by adding
> ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)
> in the appropriate place)
> So, if anyone has an even better bit of info, please come forward.
OK. It took me a awhile to tie the loose ends, but now it works. I'll lay it out
here for the archive's sake.
First, you need to have
* a fake truststore in the lines of
Then, in the client, you should
ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 16)
I've put a complete working example on
Dan Kenigsberg http://www.cs.technion.ac.il/~danken ICQ 162180901
More information about the Python-il