[twill] HTTPS client certificates (was Re: Twill question)

John J Lee jjl at pobox.com
Sat May 27 07:33:03 PDT 2006


On Fri, 26 May 2006, Wayne Wang wrote:
[...wants https client auth...]

OK, I added the necessary boilerplate to mechanize (haven't committed 
yet), but the basic support for this that comes with Python didn't work 
for me on a local test server I set up, so I couldn't get it working with 
mechanize either.

Wayne, and anybody else who uses client certificates and is inclined to 
help out: could you try running this script, after replacing HTTPS_URL 
with a URL on the secure site you're trying to access, and KEY_FILE and 
CERT_FILE with the full filenames where you keep those?

I'm afraid you have to convert the p12 file into separate PEM-format key 
and cert files using e.g. OpenSSL:

openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.pem
openssl pkcs12 -nocerts -in cert.p12 -out key.pem


HTTPS_URL = "https://example.com:443/restricted/foo.html"
KEY_FILE = r"c:\blah\blah\key.pem"
CERT_FILE = r"c:\blah\blah\cert.pem"

import urllib
urllib.URLopener(key_file=KEY_FILE,
                  cert_file=CERT_FILE,
                  )
r = urllib.urlopen()
print r.read()


John




More information about the twill mailing list