Apologies in advance for the rather basic questions I have here, but I am a bit stuck.
I am looking at SSL with Twisted 14.0.0. I have loaded all the dependencies: crypto, pycrypto, service_identity, six, idna, cffi, pyasn1, pyopenssl 0.14, openssl 1.0.1g. I am running this on Windows 7 and Windows 2008 R2. I have read through "Using TLS in Twisted" several times but still find myself not sure as to what I should do. I need both server and client set up.

I have a server end where I have a GoDaddy certificate and certificate chain. So on the server end I need to pass to ssl.CertificateOptions the privatekey and certificate. I also need to pass in the location of the GoDaddy bundle. I have a setup using CherryPy and this now works fine. But I need it working with Twisted. Now this is where I am not so clear. Should I pass the bundle as trustRoot or as extraCertChain? The docs seem to say that on Windows there is no cert store to be used as trustRoot. If anyone can throw some light on this I would be very grateful.

For the client using Twisted.web.Agent, I need to verify a different SSL certificate on another server system I connect to. At the moment, I can connect without verifying the certificate, but these days that is no longer acceptable. So I try the example in the docs for checking a certificate but it fails on all examples, including www.twistedmatrix.com. I assume this is because I do not have a default set of certificates in a store to check against. If I use the requests package I can get it to verify or not the server certificate, but when I turn to Twisted it is not clear what I should be doing. The example specifies an 'authority' public.pem for the client to check against. So should I be looking for the way requests works, where I do not specify an authority and it works by finding a bunch of certs somewhere? Or do I pass in a cert that is specific to the server I am connecting to, and it will only check against that? This seems more specific and more secure.

A final point. I need to be able to confirm which version of openssl I am connecting with. Is there a way to pin down which version pyopenssl is finding?

Thanks for any information and pointers.

--
*John Aherne*
*www.rocs.co.uk <http://www.rocs.co.uk>*
020 7223 7567
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
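The three pieces the message asks about, as an added sketch that is not part of the original post or of Twisted's documentation: intermediates from a CA bundle go in extraCertChain (certificates sent to the peer), trustRoot names what the peer is verified against, and pyOpenSSL can report the OpenSSL library it loaded. The function names are hypothetical, and the inputs are assumed to be PEM text already read from the key, certificate, bundle and authority files.

```python
import re

# Matches each PEM certificate block inside a bundle file.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def split_pem_bundle(bundle_text):
    """Return the PEM certificates found in a CA bundle, in file order."""
    return _PEM_CERT.findall(bundle_text)


# Twisted and pyOpenSSL are imported inside the functions below so that
# split_pem_bundle can be used on its own without them installed.
def server_options(key_pem, cert_pem, bundle_pem):
    """Server side: present our certificate plus the CA's intermediates."""
    from OpenSSL import crypto
    from twisted.internet import ssl
    chain = [crypto.load_certificate(crypto.FILETYPE_PEM, pem)
             for pem in split_pem_bundle(bundle_pem)]
    return ssl.CertificateOptions(
        privateKey=crypto.load_privatekey(crypto.FILETYPE_PEM, key_pem),
        certificate=crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem),
        # Sent to clients during the handshake; not a trust decision.
        extraCertChain=chain)


def verifying_agent(reactor, authority_pem):
    """Client side: an Agent that trusts only the given authority."""
    from twisted.internet import ssl
    from twisted.web.client import Agent, BrowserLikePolicyForHTTPS
    authority = ssl.Certificate.loadPEM(authority_pem)
    return Agent(reactor, BrowserLikePolicyForHTTPS(trustRoot=authority))


def openssl_version():
    """Version string of the OpenSSL library pyOpenSSL is linked against."""
    from OpenSSL import SSL
    return SSL.SSLeay_version(SSL.SSLEAY_VERSION)
```

On a server, trustRoot only matters when client certificates are being verified; a server that just presents its own certificate needs privateKey, certificate and extraCertChain.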