I have a couple projects I am working on where I would like to make HTTPS requests using Twisted. I reviewed the articles "Using TLS in Twisted" [1] and "Using the Twisted Web Client" (section "HTTP over SSL") [2]. It seems like various options exist that will allow me to make HTTPS requests using the CA certs bundled on the client OS.
I would like to be able to tell my HTTPS clients to accept specific *internal* CA certificates *in addition* to the certificates provided by the OS. Initially, I thought this might be possible by passing a custom t.w.c.BrowserLikePolicyForHTTPS to the t.w.c.Agent as its `contextFactory` argument. I wasn't quite sure how to go about doing this, so I got some advice on StackOverflow [3].

With some slight modifications to the solution presented there, I was able to create a custom Trust Root that accepted a list of paths to CA cert files in PEM format that I wanted to add to the client. The custom trust root is passed to the BrowserLikePolicyForHTTPS. The policy is passed to the Agent.

The one hitch is that the IOpenSSLTrustRoot interface upon which my custom trust root is based is located in `twisted.internet._sslverify` [4], which, if I understand correctly, is a private module and not supposed to be used as an API. Is there a *supported* way to specify *additional* CA certs to use during SSL verification when making HTTPS requests using Twisted? If so, what is the recommended method?

Another related concept that was not clear to me is how one might specify the SSL method (e.g. SSLv23_METHOD, SSLv3_METHOD, etc.) when making the request. Is there some recommended way to pass options to indicate the SSL method that ought to be used?

Any guidance would be appreciated.

Thanks,
Carl Waldbieser

[1] https://twistedmatrix.com/documents/current/core/howto/ssl.html
[2] http://twistedmatrix.com/documents/current/web/howto/client.html#http-over-ssl
[3] http://stackoverflow.com/questions/26166444/twisted-python-how-to-create-a-twisted-web-client-browserlikepolicyforhttps-with
[4] http://twistedmatrix.com/documents/current/api/twisted.internet._sslverify.IOpenSSLTrustRoot.html
