> On Oct 26, 2017, at 6:35 AM, Enoch W. <i...@hotmail.com> wrote: > > Thanks Jason, > > With a more specific error message raised by github latest code [thanks!] the > problem became clear. > I suggest to change the documentation of 'optionsForClientTLS' - > > from: > ctx = ssl.optionsForClientTLS(hostName, trustRoot=root, > clientCertificate=mycert) > > to: > ctx = ssl.optionsForClientTLS(commonName, trustRoot=root, > clientCertificate=mycert) > > That is, what this ctx (the contextFactory) really expects is the server's > certificate commonName which often is, but not in my case, the server's > hostName. > > Interestingly, Python's standard ssl package does not verify this field.
It sounds like you somehow installed Twisted without the "service_identity" module; it only verifies commonName if it has no other choice. When you install Twisted, be sure to install the `tls` extra: pip install twisted[tls]. -glyph
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python