urllib with x509 certs
Hi, i tried what you suggest but still asking me for the password, this time twice. Please i need help so this is for my thesis. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu -- https://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
Hello! I've solved this problem, using pyCurl. Here is sample code. import pycurl import StringIO b = StringIO.StringIO() c = pycurl.Curl() url = 'https://example.com/' c.setopt(pycurl.URL, url) c.setopt(pycurl.WRITEFUNCTION, b.write) c.setopt(pycurl.CAINFO, 'cert.crt') c.setopt(pycurl.SSLKEY, 'mykey.key') c.setopt(pycurl.SSLCERT, 'mycert.cer') c.setopt(pycurl.SSLKEYPASSWD , 'pass phrase') c.perform() This also allow to specify CA, so your requests are more secure then with urllib. With regards, Max. -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
> Thanks for the reply. I want my key to be as secure as possible. So I > will remove pass phrase if only there is no other possibility to go > through authentication. And you put the passphrase into the source code instead? How does it make that more secure? Regards, Martin -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
2009/7/4 Lacrima :
> On Jul 4, 11:24 am, Chris Rebert wrote:
>> On Sat, Jul 4, 2009 at 1:12 AM, Lacrima wrote:
>> > Hello!
>>
>> > I am trying to use urllib to fetch some internet resources, using my
>> > client x509 certificate.
>> > I have divided my .p12 file into mykey.key and mycert.cer files.
>> > Then I use following approach:
>> import urllib
>> url = 'https://example.com'
>> xml = '''
>> > ... somexml
>> > '''
>> opener = urllib.URLopener(key_file = 'mykey.key', cert_file =
>> 'mycert.cer')
>> f = opener.open(url, xml)
>>
>> > This works Ok! But every time I am asked to enter PEM pass phrase,
>> > which I specified during dividing my .p12 file.
>> > So my question... What should I do to make my code fetch any url
>> > automatically (without asking me every time to enter pass phrase)?
>> > As I understand there is impossible to specify pass phrase while
>> > constructing URLopener.
>> > So what should I do?
>>
>> Subclass FancyURLopener
>> [http://docs.python.org/library/urllib.html#urllib.FancyURLopener],
>> overriding the prompt_user_passwd() method
>> [http://docs.python.org/library/urllib.html#urllib.FancyURLopener.prom...].
>> Then use an instance of your subclass instead of URLopener.
>>
>> Cheers,
>> Chris
>> --http://blog.rebertia.com
>
> Hi Chris,
> Thanks for your quick reply.
> According to docs the return value of prompt_user_passwd() method
> should be a tuple (user, password), but there is no user when
> authenticating with certificate. So how should I use this method? This
> doesn't work:
import urllib
class MyOpener(urllib.FancyURLopener):
> ... def prompt_user_passwd(self, host, realm):
> ... return ('password')
Only a guess:
def prompt_user_passwd(self, host, realm):
return ('', 'password')
Cheers,
Chris
--
http://blog.rebertia.com
--
http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
On Jul 4, 12:38 pm, "Martin v. Löwis" wrote: > > This works Ok! But every time I am asked to enter PEM pass phrase, > > which I specified during dividing my .p12 file. > > So my question... What should I do to make my code fetch any url > > automatically (without asking me every time to enter pass phrase)? > > As I understand there is impossible to specify pass phrase while > > constructing URLopener. > > So what should I do? > > You can remove the passphrase on the private key, e.g. with the > openssl rsa utility. > > Regards, > Martin Hi Martin! Thanks for the reply. I want my key to be as secure as possible. So I will remove pass phrase if only there is no other possibility to go through authentication. With regards, Max -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
On Jul 4, 11:24 am, Chris Rebert wrote:
> On Sat, Jul 4, 2009 at 1:12 AM, Lacrima wrote:
> > Hello!
>
> > I am trying to use urllib to fetch some internet resources, using my
> > client x509 certificate.
> > I have divided my .p12 file into mykey.key and mycert.cer files.
> > Then I use following approach:
> import urllib
> url = 'https://example.com'
> xml = '''
> > ... somexml
> > '''
> opener = urllib.URLopener(key_file = 'mykey.key', cert_file =
> 'mycert.cer')
> f = opener.open(url, xml)
>
> > This works Ok! But every time I am asked to enter PEM pass phrase,
> > which I specified during dividing my .p12 file.
> > So my question... What should I do to make my code fetch any url
> > automatically (without asking me every time to enter pass phrase)?
> > As I understand there is impossible to specify pass phrase while
> > constructing URLopener.
> > So what should I do?
>
> Subclass FancyURLopener
> [http://docs.python.org/library/urllib.html#urllib.FancyURLopener],
> overriding the prompt_user_passwd() method
> [http://docs.python.org/library/urllib.html#urllib.FancyURLopener.prom...].
> Then use an instance of your subclass instead of URLopener.
>
> Cheers,
> Chris
> --http://blog.rebertia.com
Hi Chris,
Thanks for your quick reply.
According to docs the return value of prompt_user_passwd() method
should be a tuple (user, password), but there is no user when
authenticating with certificate. So how should I use this method? This
doesn't work:
>>> import urllib
>>> class MyOpener(urllib.FancyURLopener):
... def prompt_user_passwd(self, host, realm):
... return ('password')
...
With regards, Max
--
http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
> This works Ok! But every time I am asked to enter PEM pass phrase, > which I specified during dividing my .p12 file. > So my question... What should I do to make my code fetch any url > automatically (without asking me every time to enter pass phrase)? > As I understand there is impossible to specify pass phrase while > constructing URLopener. > So what should I do? You can remove the passphrase on the private key, e.g. with the openssl rsa utility. Regards, Martin -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib with x509 certs
On Sat, Jul 4, 2009 at 1:12 AM, Lacrima wrote: > Hello! > > I am trying to use urllib to fetch some internet resources, using my > client x509 certificate. > I have divided my .p12 file into mykey.key and mycert.cer files. > Then I use following approach: import urllib url = 'https://example.com' xml = ''' > ... somexml > ''' opener = urllib.URLopener(key_file = 'mykey.key', cert_file = 'mycert.cer') f = opener.open(url, xml) > > This works Ok! But every time I am asked to enter PEM pass phrase, > which I specified during dividing my .p12 file. > So my question... What should I do to make my code fetch any url > automatically (without asking me every time to enter pass phrase)? > As I understand there is impossible to specify pass phrase while > constructing URLopener. > So what should I do? Subclass FancyURLopener [http://docs.python.org/library/urllib.html#urllib.FancyURLopener], overriding the prompt_user_passwd() method [http://docs.python.org/library/urllib.html#urllib.FancyURLopener.prompt_user_passwd]. Then use an instance of your subclass instead of URLopener. Cheers, Chris -- http://blog.rebertia.com -- http://mail.python.org/mailman/listinfo/python-list
urllib with x509 certs
Hello! I am trying to use urllib to fetch some internet resources, using my client x509 certificate. I have divided my .p12 file into mykey.key and mycert.cer files. Then I use following approach: >>> import urllib >>> url = 'https://example.com' >>> xml = ''' ... somexml ''' >>> opener = urllib.URLopener(key_file = 'mykey.key', cert_file = 'mycert.cer') >>> f = opener.open(url, xml) This works Ok! But every time I am asked to enter PEM pass phrase, which I specified during dividing my .p12 file. So my question... What should I do to make my code fetch any url automatically (without asking me every time to enter pass phrase)? As I understand there is impossible to specify pass phrase while constructing URLopener. So what should I do? With regards, Max (sorry if my English isn't very proper) -- http://mail.python.org/mailman/listinfo/python-list
