Hynek Thanks for the information.
Very interesting. I was wondering how to get the mozilla cert package. For the server I need to provide a certificate that can be verified by an external source. I used the requests package to test that it could verify my certificate without knowing exactly what it was doing. As far as I could see it verified the certificate and I then got an external source to also connect and send information having verified the certificate. That worked whereas before they had failed with SSL errors. So for the server, the certificate, key and godaddy bundle seem to be working. I found the DefaultOpenSSLContextFactory by googling for clues as to what to do. I then looked up the source to see what it required. And it seemed to do the trick. I have seen the documentation pointing at CertificateOptions but while I was trying to find out how I could get my godaddy bundle added in I found DefaultOpenSSlContextFactory which was easy to add my bundle to. It was not clear how I could do that with CertificateOptions. When I tried, I got unknown key argument because it seemed I could pass a key argument in but all my attempts failed. I have twisted 14.0.0 on one machine and twisted 14.0.2 on another and I bounce between them checking what works on one also works on the other. I have a lot of stuff running on the machine with 14.0.0 so I was not keen to upgrade until I had a clear idea of what I as doing. For the client I need to connect back to the external site. I can do this without verifying the certificate, but it would seem these days that is no longer sufficient. So I needed twisted.web.Agent to be able to verify the remote certificate. Trying that and once again googling for BrowserLikeContextFactory, I find that it has a real problem verifying hostnames. And your name features heavily in the list of people who have looked at the problem. I found that on windows 7 32 bit I could not get it to work. It always returned an SSL error. So for the time being I have abandoned that and am ignoring the problem. Just relying on finding and accepting any certificate. I need most of all to make sure that the server side is working properly, so your information is extremely welcome. I shall have to look at CertificateOptions again and see what the problem is. I have a feeling that everything is working with SSLv3 since all the error messages come back mentioning SSLv3. So I imagine at some point I need to be able to specify TLS and one of its variants. I hope I have explained a bit more clearly what I am trying to do. Regards -- *John Aherne* *www.rocs.co.uk <http://www.rocs.co.uk>* 020 7223 7567
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python