[twill] Twill question
John J Lee
jjl at pobox.com
Sat May 27 15:13:34 PDT 2006
OK, mechanize SVN now supports SSL client certificates. Here's a
docstring:

    def add_client_certificate(self, url, key_file, cert_file):
        """Add an SSL client certificate, for HTTPS client auth.

        key_file and cert_file must be filenames of the key and certificate
        files, in PEM format. You can use e.g. OpenSSL to convert a p12 (PKCS
        12) file to PEM format:

          openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.pem
          openssl pkcs12 -nocerts -in cert.p12 -out key.pem

        Note that client certificate password input is very inflexible ATM. At
        the moment this seems to be console only, which is presumably the
        default behaviour of libopenssl. In future mechanize may support
        third-party libraries that (I assume) allow more options here.
        """

This works against a local Apache server on my machine (named 'alice' in
traditional cryptographic fashion), but libopenssl does ask you to type in
the PEM pass phrase, on the console (at least on this linux box). In fact
it asks for it twice, due to the redirect from path '/certneeded' to
'/certneeded/'! As the docstring says, maybe something like M2Crypto has
support for GUI pass phrase input and pass phrase caching. If not, I
guess Python's Modules/_ssl.c would have to be replaced / rewritten to ask
libopenssl to delegate the password input appropriately.
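
    import mechanize

    br = mechanize.Browser()
    host = "alice:443"
    # Register the PEM key and certificate to present to this host:port.
    br.add_client_certificate(
        host,
        '/home/john/comp/dev/apache/ssl/client.key',
        '/home/john/comp/dev/apache/ssl/client.crt',
    )
    # Opening the URL triggers the console prompt for the PEM pass phrase.
    r = br.open('https://alice:443/certneeded')
    print(r.get_data())
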
John
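
Added example, not part of the original message and not mechanize code: a sketch of supplying the PEM pass phrase through a callback instead of the console prompt described above, using the password argument of ssl.SSLContext.load_cert_chain from the Python 3 standard library. The names key_is_encrypted, CachedPassphrase and client_context are hypothetical, and the sample PEM headers are constructed.

```python
import getpass
import ssl

# Constructed samples: PEM header lines only, no key material.
SAMPLE_PKCS8 = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n...\n"
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\n"
                 "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n...\n")
SAMPLE_PLAIN = "-----BEGIN PRIVATE KEY-----\n...\n"


def key_is_encrypted(pem_text):
    """True if the PEM private key needs a pass phrase (PKCS#8 or legacy form)."""
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)


class CachedPassphrase:
    """Callable for load_cert_chain(password=...): prompts once, then reuses."""

    def __init__(self, prompt=getpass.getpass):
        self._prompt = prompt  # swap in a GUI dialog or secret-store lookup
        self._value = None
        self.prompts = 0

    def __call__(self):
        if self._value is None:
            self.prompts += 1
            self._value = self._prompt("PEM pass phrase: ")
        return self._value


def client_context(cert_file, key_file, passphrase=None):
    """Build a verifying TLS client context that presents cert_file/key_file."""
    ctx = ssl.create_default_context()  # server cert and hostname are checked
    with open(key_file) as fh:
        encrypted = key_is_encrypted(fh.read())
    if encrypted and passphrase is None:
        # Without this, OpenSSL falls back to its own console prompt.
        raise ValueError("encrypted key: pass a pass phrase callable")
    ctx.load_cert_chain(cert_file, key_file,
                        password=passphrase if encrypted else None)
    return ctx  # reuse one context so redirects do not reload the key
```

The key is decrypted once when the context is built, so a redirect such as '/certneeded' to '/certneeded/' opens a second connection without a second prompt.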