[twill] Twill and SSL client authientication support

Julien Gilli julien.gilli at gmail.com
Sun Sep 18 14:33:25 PDT 2005


On 9/18/05, Titus Brown <titus at caltech.edu> wrote:
> I honestly don't know much about this use of SSL! How would it work
> from a Web browser? I've never needed a client certificate before.

Basically, you get a certificate (stored in a file) from a certification 
authority. It is added to a keystore that stores your private and public 
keys along with your certificate.

Whenever a web site wants to authenticate you using a client certificate, a 
dialog pops up asking you to choose which certificate you would like to use 
to authenticate.

Every modern web browser is able to do this. 
As a employee of a company that develops a PKI which uses a web user 
interface, i use client side authentificatin daily.

if it's just a matter of writing a few interface functions then
> it'd be easy.

Basically, what we need is a set of command like the following (this list is 
not complete) :
* changeClientCert(client_cert) : change the client certificate used to 
authenticate for the next client authentication request. Using null as 
client_cert is like using no certificate to authenticate.

* addCertToKeystore(cert) : add a certificate to the key store

Twill could have his own keystore or use the one provided by the different 
available browsers.

I expect it would be relatively easy to add commands to retrieve, parse,
> and check the server certificate.

I think so. I'm currently trying evaluate the best solution to setup an 
automated web testing framework in our company, and i could implement this 
if we choose Twill.

Thank you very much for your insights.

Julien Gilli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.idyll.org/pipermail/twill/attachments/20050918/1078db40/attachment.html

More information about the twill mailing list