[Twisted-Python] HTTPS and subjectAltName

Roland Hedberg roland.hedberg at adm.umu.se
Thu Apr 10 11:37:33 MDT 2008


Hi!

I'm building a Twisted based system where the basic components are 
nodes. Information flows between these nodes and one of the transport 
protocols that can be used are HTTP/HTTPS.

Now, both servers and clients has certificates and hostname verification 
is a must. Because of that I'd love to be able to access the 
subjectAltName extension.

I started with pyOpenSSL and I was very happy with that until I realized 
that there is no support for the subjectAltName (SAN) extension in 
pyOpenSSL.

Over to M2Crypto, which has support for SAN, but now I can not get 
anything to work. I guess there is some mismatch between the interfaces 
to the Context class provided by M2Crypto and pyOpenSSL. Because I just 
imported SSL from M2Crypto instead of OpenSSL and left the rest of the 
code more or less intact.

The error I get is:

  File 
"/Library/Frameworks/Python.framework/Versions/2.4/lib/python2.4/site-packages/twisted/internet/ssl.py", 
line 169, in createInternetSocket
  return SSL.Connection(self.ctxFactory.getContext(), sock)
  TypeError: Connection() argument 1 must be Context, not instance

So, if it possible to use M2Crypto together with Twisted ?
If so, can someone tell me what I might have missed ?

-- Roland




More information about the Twisted-Python mailing list