When are client certificates verified?
I have a server that requires client authentication and a client that has certs to authenticate itself. They appear to work - the server doesn't accept the client connection when the client doesn't have certs and does accept the client connection when the client does have certs. They also don't cause errors when paired with s_client and s_server. I'm passing set_verify SSL.VERIFY_PEER | SSL.VERIFY_
However, the server context's set_verify callback only gets called when verification is successful, and I'm wondering why. If I pass set_verify only SSL.VERIFY, the callback is never called. Does verification also happen at some earlier time? If that's the case, what is the purpose of the callback? Is my code just wrong?
The code uses Twisted, but the context is set up using pyOpenSSL calls. I've included the complete code in case it helps, and hopefully the surrounding Twisted code isn't a deterrent (also Jean-Paul I see you're the maintainer here :) ).
The server and client code are also here if that's easier:
http://
Thank you,
Jessica
==== Server ====
from twisted.internet import ssl, reactor
from twisted.
from OpenSSL import SSL

class Echo(Protocol):
    def dataReceived(self, data):

def verify_
    if not ok:
        print "Bad Certs"
        return False
    else:
        print "Certs are fine"
        return ok

if __name__ == '__main__':
    factory = Factory()
    factory.
    myContextFa
    )
    ctx = myContextFactor
    ctx.set_verify(
    )
    ctx.
    reactor.
    reactor.run()
==== Client ====
from twisted.
from twisted.
from twisted.internet import ssl, reactor
from OpenSSL import SSL

class EchoClient(
    def connectionMade(
        print "hello, world"

    def dataReceived(self, data):
        print "Server said:", data

class EchoClientFacto
    protocol = EchoClient

    def clientConnectio
        print "Connection failed - goodbye!"

    def clientConnectio
        print "Connection lost - goodbye!"

class CtxFactory(
    def getContext(self):
        self.method = SSL.SSLv23_METHOD
        ctx = ssl.ClientConte
        return ctx

if __name__ == '__main__':
    factory = EchoClientFactory()
    reactor.
    reactor.run()
Question information
- Language: English
- Status: Expired
- For: pyOpenSSL
- Assignee: No assignee
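An added example, not part of the original question and not pyOpenSSL's or Twisted's own code: it drives a server context with a set_verify callback through three in-memory handshakes (no client certificate, an untrusted one, a trusted one) and records the ok flag the callback receives each time. The helper names, the self-signed certificates and the memory-BIO setup are constructed for the demonstration and assume Python 3 with a current pyOpenSSL.

```python
from contextlib import suppress
from OpenSSL import SSL, crypto

def make_cert(cn):
    """Constructed self-signed certificate and key, valid for one hour."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.set_serial_number(1)
    cert.get_subject().CN = cn
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(key)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)
    cert.sign(key, "sha256")
    return key, cert

def make_ctx(identity=None):
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    if identity:  # (key, cert) pair, or None for "no certificate"
        ctx.use_privatekey(identity[0])
        ctx.use_certificate(identity[1])
    return ctx

def attempt(client_identity, trusted_cert):
    """Return (handshake_ok, ok flags seen by the server's verify callback)."""
    calls = []
    def verify_cb(conn, x509, errnum, depth, ok):
        calls.append(bool(ok))
        return bool(ok)  # keep OpenSSL's own verdict
    server_ctx = make_ctx(make_cert("server"))
    server_ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)
    server_ctx.get_cert_store().add_cert(trusted_cert)
    server = SSL.Connection(server_ctx, None)  # None selects memory BIOs
    server.set_accept_state()
    client = SSL.Connection(make_ctx(client_identity), None)
    client.set_connect_state()
    try:
        for _ in range(10):  # enough round trips for TLS 1.2 or 1.3
            for a, b in ((client, server), (server, client)):
                with suppress(SSL.WantReadError):
                    a.do_handshake()
                with suppress(SSL.WantReadError):
                    b.bio_write(a.bio_read(65536))
    except SSL.Error:
        return False, calls
    return True, calls
```

With no client certificate there is nothing to verify, so the handshake is rejected by VERIFY_FAIL_IF_NO_PEER_CERT without the callback running. The callback receives a false ok only when a certificate is presented and fails validation.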