urllib with x509 certs
Hi, i tried what you suggest but still asking me for the password, this time twice. Please i need help so this is for my thesis. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu -- https://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
Hello! I've solved this problem, using pyCurl. Here is sample code. import pycurl import StringIO b = StringIO.StringIO() c = pycurl.Curl() url = 'https://example.com/' c.setopt(pycurl.URL, url) c.setopt(pycurl.WRITEFUNCTION, b.write) c.setopt(pycurl.CAINFO, 'cert.crt') c.setopt(pycurl.SSLKEY, 'mykey.key') c.setopt(pycurl.SSLCERT, 'mycert.cer') c.setopt(pycurl.SSLKEYPASSWD , 'pass phrase') c.perform() This also allow to specify CA, so your requests are more secure then with urllib. With regards, Max. -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
> Thanks for the reply. I want my key to be as secure as possible. So I > will remove pass phrase if only there is no other possibility to go > through authentication. And you put the passphrase into the source code instead? How does it make that more secure? Regards, Martin -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
2009/7/4 Lacrima : > On Jul 4, 11:24 am, Chris Rebert wrote: >> On Sat, Jul 4, 2009 at 1:12 AM, Lacrima wrote: >> > Hello! >> >> > I am trying to use urllib to fetch some internet resources, using my >> > client x509 certificate. >> > I have divided my .p12 file into mykey.key and mycert.cer files. >> > Then I use following approach: >> import urllib >> url = 'https://example.com' >> xml = ''' >> > ... somexml >> > ''' >> opener = urllib.URLopener(key_file = 'mykey.key', cert_file = >> 'mycert.cer') >> f = opener.open(url, xml) >> >> > This works Ok! But every time I am asked to enter PEM pass phrase, >> > which I specified during dividing my .p12 file. >> > So my question... What should I do to make my code fetch any url >> > automatically (without asking me every time to enter pass phrase)? >> > As I understand there is impossible to specify pass phrase while >> > constructing URLopener. >> > So what should I do? >> >> Subclass FancyURLopener >> [http://docs.python.org/library/urllib.html#urllib.FancyURLopener], >> overriding the prompt_user_passwd() method >> [http://docs.python.org/library/urllib.html#urllib.FancyURLopener.prom...]. >> Then use an instance of your subclass instead of URLopener. >> >> Cheers, >> Chris >> --http://blog.rebertia.com > > Hi Chris, > Thanks for your quick reply. > According to docs the return value of prompt_user_passwd() method > should be a tuple (user, password), but there is no user when > authenticating with certificate. So how should I use this method? This > doesn't work: import urllib class MyOpener(urllib.FancyURLopener): > ... def prompt_user_passwd(self, host, realm): > ... return ('password') Only a guess: def prompt_user_passwd(self, host, realm): return ('', 'password') Cheers, Chris -- http://blog.rebertia.com -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
On Jul 4, 12:38 pm, "Martin v. Löwis" wrote: > > This works Ok! But every time I am asked to enter PEM pass phrase, > > which I specified during dividing my .p12 file. > > So my question... What should I do to make my code fetch any url > > automatically (without asking me every time to enter pass phrase)? > > As I understand there is impossible to specify pass phrase while > > constructing URLopener. > > So what should I do? > > You can remove the passphrase on the private key, e.g. with the > openssl rsa utility. > > Regards, > Martin Hi Martin! Thanks for the reply. I want my key to be as secure as possible. So I will remove pass phrase if only there is no other possibility to go through authentication. With regards, Max -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
On Jul 4, 11:24 am, Chris Rebert wrote: > On Sat, Jul 4, 2009 at 1:12 AM, Lacrima wrote: > > Hello! > > > I am trying to use urllib to fetch some internet resources, using my > > client x509 certificate. > > I have divided my .p12 file into mykey.key and mycert.cer files. > > Then I use following approach: > import urllib > url = 'https://example.com' > xml = ''' > > ... somexml > > ''' > opener = urllib.URLopener(key_file = 'mykey.key', cert_file = > 'mycert.cer') > f = opener.open(url, xml) > > > This works Ok! But every time I am asked to enter PEM pass phrase, > > which I specified during dividing my .p12 file. > > So my question... What should I do to make my code fetch any url > > automatically (without asking me every time to enter pass phrase)? > > As I understand there is impossible to specify pass phrase while > > constructing URLopener. > > So what should I do? > > Subclass FancyURLopener > [http://docs.python.org/library/urllib.html#urllib.FancyURLopener], > overriding the prompt_user_passwd() method > [http://docs.python.org/library/urllib.html#urllib.FancyURLopener.prom...]. > Then use an instance of your subclass instead of URLopener. > > Cheers, > Chris > --http://blog.rebertia.com Hi Chris, Thanks for your quick reply. According to docs the return value of prompt_user_passwd() method should be a tuple (user, password), but there is no user when authenticating with certificate. So how should I use this method? This doesn't work: >>> import urllib >>> class MyOpener(urllib.FancyURLopener): ... def prompt_user_passwd(self, host, realm): ... return ('password') ... With regards, Max -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
> This works Ok! But every time I am asked to enter PEM pass phrase, > which I specified during dividing my .p12 file. > So my question... What should I do to make my code fetch any url > automatically (without asking me every time to enter pass phrase)? > As I understand there is impossible to specify pass phrase while > constructing URLopener. > So what should I do? You can remove the passphrase on the private key, e.g. with the openssl rsa utility. Regards, Martin -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
On Sat, Jul 4, 2009 at 1:12 AM, Lacrima wrote: > Hello! > > I am trying to use urllib to fetch some internet resources, using my > client x509 certificate. > I have divided my .p12 file into mykey.key and mycert.cer files. > Then I use following approach: import urllib url = 'https://example.com' xml = ''' > ... somexml > ''' opener = urllib.URLopener(key_file = 'mykey.key', cert_file = 'mycert.cer') f = opener.open(url, xml) > > This works Ok! But every time I am asked to enter PEM pass phrase, > which I specified during dividing my .p12 file. > So my question... What should I do to make my code fetch any url > automatically (without asking me every time to enter pass phrase)? > As I understand there is impossible to specify pass phrase while > constructing URLopener. > So what should I do? Subclass FancyURLopener [http://docs.python.org/library/urllib.html#urllib.FancyURLopener], overriding the prompt_user_passwd() method [http://docs.python.org/library/urllib.html#urllib.FancyURLopener.prompt_user_passwd]. Then use an instance of your subclass instead of URLopener. Cheers, Chris -- http://blog.rebertia.com -- http://mail.python.org/mailman/listinfo/python-list
urllib with x509 certs
Hello! I am trying to use urllib to fetch some internet resources, using my client x509 certificate. I have divided my .p12 file into mykey.key and mycert.cer files. Then I use following approach: >>> import urllib >>> url = 'https://example.com' >>> xml = ''' ... somexml ''' >>> opener = urllib.URLopener(key_file = 'mykey.key', cert_file = 'mycert.cer') >>> f = opener.open(url, xml) This works Ok! But every time I am asked to enter PEM pass phrase, which I specified during dividing my .p12 file. So my question... What should I do to make my code fetch any url automatically (without asking me every time to enter pass phrase)? As I understand there is impossible to specify pass phrase while constructing URLopener. So what should I do? With regards, Max (sorry if my English isn't very proper) -- http://mail.python.org/mailman/listinfo/python-list