Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/http-client.py | 22 | ||||
-rw-r--r-- | scripts/http-server.py | 30 |
2 files changed, 24 insertions, 28 deletions
diff --git a/scripts/http-client.py b/scripts/http-client.py
index 35091f26..02af3659 100644
--- a/scripts/http-client.py
+++ b/scripts/http-client.py
@@ -15,21 +15,15 @@ f = open("biz-certs/Dave-EE.key", "r")
 privateKey = tlslite.api.parsePEMKey(f.read(), private=True)
 f.close()
-# There doesn't seem to be any existing OpenSSL-based python HTTPS
-# client which bothers to check the server's certificate. tlslite
-# does check, but only when it's using cryptlib...which doesn't
-# compile on FreeBSD this week due to a completely unrelated symbol
-# collision with another FreeBSD package (don't ask).
-#
-# The mechanism that requires cryptlib is the x509TrustList parameter to
-# tlslite.api.HTTPTLSConnection(), which looks just about perfect other
-# than requiring cryptlib. Not sure how much work it would be to get
-# this to work with M2Crypto (would help if M2Crypto were documented).
-#
-# For the moment, just punt on the issue, as this is test code. In
-# production this would be a problem.
+x509TrustList = []
+for file in ("biz-certs/Alice-Root.cer", "biz-certs/Bob-Root.cer", "biz-certs/Carol-Root.cer"):
+ f = open(file, "r")
+ x509 = tlslite.api.X509()
+ x509.parse(f.read())
+ f.close()
+ x509TrustList.append(x509)
-https = tlslite.api.HTTPTLSConnection(host="localhost", port=8080, certChain=certChain, privateKey=privateKey)
+https = tlslite.api.HTTPTLSConnection(host="localhost", port=4433, certChain=certChain, privateKey=privateKey, x509TrustList=x509TrustList)
 https.connect()
 https.request("POST", "/", "This is a test. This is only a test. Had this been real you would now be really confused.\n", {"Content-Type":"application/wombat"})
diff --git a/scripts/http-server.py b/scripts/http-server.py
index bedf85c1..4417bf84 100644
--- a/scripts/http-server.py
+++ b/scripts/http-server.py
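Review bot: The new `x509TrustList=x509TrustList` argument on the `HTTPTLSConnection(...)` line validates the server's chain against three roots, but nothing ties the certificate to the host being contacted, so an end-entity certificate issued under any of Alice, Bob or Carol would be accepted for `localhost`. If only Carol's server is expected here, narrow the tuple to `"biz-certs/Carol-Root.cer"` and add tlslite's `x509CommonName=<CN of Carol-EE.cer>` (placeholder; the CN is not shown on this page). The removed comment states that this parameter needs cryptlib, so a line such as `# NOTE: x509TrustList depends on cryptlib being installed` above the loop would keep that dependency on record; what tlslite does when cryptlib is missing should be confirmed rather than assumed. The script continues outside the hunk.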
@@ -22,6 +22,21 @@ class requestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
 self.wfile.write(echo)
+certChain = []
+for file in ("biz-certs/Carol-EE.cer", "biz-certs/Carol-CA.cer"):
+ f = open(file, "r")
+ x509 = tlslite.api.X509()
+ x509.parse(f.read())
+ f.close()
+ certChain.append(x509)
+certChain = tlslite.api.X509CertChain(certChain)
+
+f = open("biz-certs/Carol-EE.key", "r")
+privateKey = tlslite.api.parsePEMKey(f.read(), private=True)
+f.close()
+
+sessionCache = tlslite.api.SessionCache()
+
 class httpServer(tlslite.api.TLSSocketServerMixIn, BaseHTTPServer.HTTPServer):
 def handshake(self, tlsConnection):
@@ -34,19 +49,6 @@ class httpServer(tlslite.api.TLSSocketServerMixIn, BaseHTTPServer.HTTPServer):
 except tlslite.api.TLSError, error:
 print "TLS handshake failure:", str(error)
 return False
-
-f = open("biz-certs/Carol-EE.cer", "r")
-x509 = tlslite.api.X509()
-x509.parse(f.read())
-f.close()
-
-certChain = tlslite.api.X509CertChain([x509])
-
-f = open("biz-certs/Carol-EE.key", "r")
-privateKey = tlslite.api.parsePEMKey(f.read(), private=True)
-f.close()
-
-sessionCache = tlslite.api.SessionCache()
-httpd = httpServer(("", 8080), requestHandler)
+httpd = httpServer(("", 4433), requestHandler)
 httpd.serve_forever() |
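Review bot: Nothing on the server side mirrors the trust list the client gains in this commit: the added block loads Carol's chain (`Carol-EE.cer`, `Carol-CA.cer`), her key and a session cache, but no root certificates against which the client's certificate could be validated. The body of `handshake` lies between the two hunks and is not shown, so this may already be handled there; if it is not, passing `reqCert=True` and `checker=tlslite.api.Checker(x509TrustList=...)` to `handshakeServer` would authenticate the client chain. Separately, the loop variable `file` shadows the builtin and the `open`/`close` pair leaks the handle if `parse` raises; `for path in (...):` with a `try`/`finally` around the read would be tidier.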