I've found that httplib.HTTPSConnection doesn't perform an automatic server certificate check. As far as I've understood the problem, I need to add that functionality manually, e.g. by subclassing this class as described here.
As I'm using Python2.4.5 and an upgrade is not possible under the given circumstances, I cannot use the workaround given in this blog post, because the ssl module has not been introduced until Py2.6.
I've been trying to avoid the usage of the ssl module by using M2Crypto. A promising approach for doing so is contained in this blog post (in the "Clients" section). But I haven't yet managed to override httplib.HTTPSConnection.connect appropriately by using that approach.
Any ideas or hints?
Try this site maybe: http://www.cs.technion.ac.il/~danken/xmlrpc-ssl.html
It requires SSL but doesn't require the Python SSL module. It only requires Open SSL library.
Related
Our end-to-end tests use Django's LiveServerTestCase with Selenium. So far we have only been able to run these on insecure urls. However, some of the libraries that we use (Square) require a page to be on https even in sandbox mode.
When attempting to connect to a secure url, Selenium/Chrome Webdriver simply shows the standard SSL not supported error:
This site can’t provide a secure connection chezpierre.localtest.me sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Does anyone know if it is possible to enable https on a LiveServerTestCase?
If not, does anyone have a working workaround for this? I'm trying to avoid running a separate https proxy on our build box, but it seems like it might be the only way.
After quick research I found out that this is impossible in Django suggested by this old code ticket https://code.djangoproject.com/ticket/25328
I also found out that you could setup a tunnel to bypass this issue. However this applies to django development server. This is kind of tricky so I am leaving links to posts as the method is rather long:
https://www.ianlewis.org/en/testing-https-djangos-development-server
or
How can I test https connections with Django as easily as I can non-https connections using 'runserver'?
ALTERNATIVE - In my opinion better
There is also a simpler way using an external package. It gives you out of the box a https capable django development server. The project is active and maintained
https://github.com/teddziuba/django-sslserver
I am using buildbot version 0.8.5 and need to send an HTTP post request from it as a step. After searching for it on internet, I found that the latest version 0.8.8 has a step called HTTPStep for doing so. Is there any similar step in the older version?
I know it can be done using batch file or python program using urllib2. but is there any other way to do it?
You should be able to use the HTTPStep from 0.8.8 (provided you install the necessary dependency (https://pypi.python.org/pypi/txrequests and http://python-requests.org/)). Just copy the http.py file from 0.8.8 next to your master.cfg, and have your master.cfg import the HTTPStep derived class POST from module http instead of buildbot.steps.http.
Some small adjustments might be needed to make it work with the API of 0.8.5 though.
Just my thoughts..As far as I know it is better to use a python script from a build step. Simple and easy to control. The logic being:
the entire buildbot is inside one http connection/session and sending another http request somewhere might have issues with the connection/session.
from the buildbot httpstep description, you need to install additional python packages which might be not be so convenient to do on multiple slaves/masters.
Is there a way for a Python/Twisted program to cleanly make use of the list of root certificates that Internet Explorer uses to validate an SSL connection to an HTTPS server? The answers provided to Validate SSL certificates with Python are very helpful but the example code gets the root certificates by reading the Unix specific directory /etc/ssl/certs/*.pem and it's not clear to me what the Windows equivalent of this would be.
The Windows equivalent is "copy /etc/ssl/certs/*.pem from your Linux machine". Mac and Windows have different native APIs for getting at their respective certificate stores, which Twisted doesn't directly support. They don't use OpenSSL certificates natively, and they certainly don't put things in as straightforward a layout as 'directory of PEM files'. If you can export your trust roots as PEMs, you could then ask Twisted (well, really, OpenSSL via PyOpenSSL) to verify it that way.
I am abstractly interested in doing this in a super-portable way, but I've never actually tried it. Here are some links to get you started: SecureTransport reference, Microsoft Cryptography Functions.
In the SecureTransport reference, the documentation points out that SSLGetTrustedRoots is deprecated but doesn't mention the alternative SSLCopyTrustedRoots which isn't. That's probably the API you want to start with on a Mac (via PyObjC). On Windows, I'm really not sure, except somewhere in that pile of functions there's probably one that does what you would like, and maybe you can call it with ctypes :).
I have been trying to get information regarding expired ssl certificates using python 3 but it would be nice to be able to get as verbose a workup as possible. any takers?
So far i have been trying to use urllib.request to get this info (to no avail), does this strike anyone as foolish?
I have seen some examples of similar work using older versions of python, but nothing using v3.
http://objectmix.com/python/737581-re-urllib-getting-ssl-certificate-info.html
http://www.mail-archive.com/python-list#python.org/msg208150.html
The 3.1.1 documentation for SSL has an example.
I need to use Python to access data from a RESTful web service that requires certificate-based client authentication (PKI) over SSL/HTTPS. What is the recommended way of doing this?
The suggestion by stribika using httplib.HTTPSConnection should work for you provided that you do not need to verify the server's certificate. If you do want/need to verify the server, you'll need to look at a 3rd party module such as pyOpenSSL (which is a Python wrapper around a subset of the OpenSSL library).
I found this: http://code.activestate.com/recipes/117004/
I did not try it so it may not work.
I would recommend using M2Crypto. If you are a Twisted guy, M2Crypto integrates with Twisted so you can let Twisted handle the networking stuff and M2Crypto the SSL/verification/validation stuff.