2

i have a python server that needs a client to authenticate using certificates, how can i make a client script that uses client certificates to be authenticated by the server in python using ssl and socket modules.

is there example for this using socket and ssl only with out twisted?

from OpenSSL import SSL
from twisted.internet import ssl, reactor
from twisted.internet.protocol import ClientFactory, Protocol

class EchoClient(Protocol):
    def connectionMade(self):
    "print connected"

    def dataReceived(self, data):
        print "Server said:", data
        self.transport.loseConnection()

class EchoClientFactory(ClientFactory):
    protocol = EchoClient

    def clientConnectionFailed(self, connector, reason):
        print "Connection failed - goodbye!"
        reactor.stop()

    def clientConnectionLost(self, connector, reason):
        print "Connection lost - goodbye!"
        reactor.stop()

class CtxFactory(ssl.ClientContextFactory):
    def getContext(self):
        self.method = SSL.TLSv1_METHOD
        ctx = ssl.ClientContextFactory.getContext(self)
        ctx.use_certificate_file('client.crt')
        ctx.use_privatekey_file('client.key')
        return ctx

if __name__ == '__main__':

    factory = EchoClientFactory()
    reactor.connectSSL('localhost', 8080, factory, CtxFactory())
    reactor.run()
Improve this question
0

1 Answer 1

Reset to default
2 
import socket, ssl, pprint

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# require a certificate from the server
ssl_sock = ssl.wrap_socket(s,
                keyfile="client.key",
                certfile="client.crt",
                ca_certs="ca.crt",
                cert_reqs=ssl.CERT_REQUIRED)

ssl_sock.connect(('127.0.0.1', 8080))

print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())

ssl_sock.write("testing")
data = ssl_sock.read()
print data

ssl_sock.close()
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.