Changeset 4145 for TI12-security/trunk


Timestamp: 28/08/08 09:55:31 (11 years ago)
Author: pjkersha
Message:

Added capability for SSL client Authentication.

  • Client cert and private key are passed to init via the clntCertFilePath and clntPriKeyFilePath keywords respectively.
  • Tested against Apache mod_ssl setup with SSLRequire directive set to require a particular DN component.
File: 1 edited

  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py

    r4035 r4145  
    171171        @keyword writeTimeout: similar to read timeout''' 
    172172         
    173         if 'postConnectionCheck' in kw: 
    174             self._postConnectionCheck = kw.pop('postConnectionCheck') 
    175         else: 
    176             self._postConnectionCheck = SSL.Checker.Checker 
     173        self._postConnectionCheck = kw.pop('postConnectionCheck', 
     174                                           SSL.Checker.Checker) 
    177175         
    178176        if 'readTimeout' in kw: 
     
    191189        else: 
    192190            self.writeTimeout = HTTPSConnection.defWriteTimeout 
    193              
     191     
     192        self._clntCertFilePath = kw.pop('clntCertFilePath', None) 
     193        self._clntPriKeyFilePath = kw.pop('clntPriKeyFilePath', None) 
     194         
    194195        _HTTPSConnection.__init__(self, *args, **kw) 
     196         
     197        # load up certificate stuff 
     198        if self._clntCertFilePath is not None and \ 
     199           self._clntPriKeyFilePath is not None: 
     200            self.ssl_ctx.load_cert(self._clntCertFilePath,  
     201                                   self._clntPriKeyFilePath) 
    195202         
    196203         
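Review bot: The guard at new lines 198-199 only calls load_cert when both clntCertFilePath and clntPriKeyFilePath are set, so a caller who supplies just one of them (for example after mistyping a keyword) gets a connection with no client certificate and no error at construction time; the failure then surfaces later, on the server side, as a rejected handshake or request. Consider raising an exception when exactly one of the two is given, so the misconfiguration is reported where it happens. Separately, the two new keywords get no @keyword entry in the docstring that closes at line 171, which is unchanged in this diff; they should be documented next to readTimeout and writeTimeout, including whether the key file may be passphrase-protected.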
     
    198205        '''Overload M2Crypto.httpslib.HTTPSConnection to enable 
    199206        custom post connection check of peer certificate and socket timeout''' 
     207 
    200208        self.sock = SSL.Connection(self.ssl_ctx) 
    201209        self.sock.set_post_connection_check_callback( 