[FRPythoneers] SSL Client Authentication over HTTPS

Evelyn Mitchell efm at tummy.com
Thu Feb 28 23:19:19 MST 2002


Well, the big reason I mentioned it, was because you said you were planning
on doing this in Java/Python for client-side auth.

By the way, this looks pretty darn cool:

  http://jpe.sourceforge.net/

Call java from python or python from java.

efm

* On 2002-03-01 06:09 Rob Riggs <rob at pangalactic.org> wrote:
> CRLs are especially important when doing client auth with SSL, since 
> that's the only way to disable access to individual cert holders.
> 
> But if Joe Average Admin is acting as a CA, it's generally as a "private 
> CA" (no external trust) where the only one that has and trusts the CA's 
> cert is the CA owner or his/her close associates. So your only 
> "responsibility" is to yourself or your organization. So far I've never 
> needed a CRL.
> 
> Evelyn Mitchell wrote:
> 
> >Cool, thanks. 
> >
> >>>From what little I know, if you are acting as a CA (Certificate Authority), 
> >then you have the responsibility to offer a CRL. It should be checked
> >automatically when you present the cert.
> >
> >efm
> >* On 2002-03-01 05:37 Rob Riggs <rob at pangalactic.org> wrote:
> >
> >>Sure. Since it's the web server that doing the authentication -- Apache 
> >>supports CRLs.
> >>
> >>Now, I have no idea how to do CRLs with the Python SSL code yet, but we 
> >>aren't talking about authenticating in that direction here.
> >>
> >>Evelyn Mitchell wrote:
> >>
> >>>Nice module Rob, but I was wondering whether this checks CSRs
> >>>(Certificate Revocation Lists).
> >>>
> >>>
> >>>* On 2002-03-01 05:10 Rob Riggs <rob at pangalactic.org> wrote:
> >>>
> >>>>Just thought I'd point the folks on this list to a new Python Cookbook 
> >>>>entry I submitted on doing SSL client authentication with Apache. I 
> >>>>decided to do a Python version while we were trying to get this going at 
> >>>>work using Java.
> >>>>
> >>>>You can find the recipe here: 
> >>>>http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/117004
> >>>>
> >>>>It's all of 12 lines of code.
> >>>>
> >>>>Enjoy.
> >>>>
> >>>>-Rob
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>_______________________________________________
> >>>>This message sent by the FRPythoneers mailing list.
> >>>>Unsubscribe: echo unsubscribe | FRPythoneers-request at lists.community.tummy.com
> >>>>URL: http://lists.community.tummy.com/mailman/listinfo/frpythoneers
> >>>>
> >>
> >>
> >>_______________________________________________
> >>This message sent by the FRPythoneers mailing list.
> >>Unsubscribe: echo unsubscribe | FRPythoneers-request at lists.community.tummy.com
> >>URL: http://lists.community.tummy.com/mailman/listinfo/frpythoneers
> >>
> >
> 
> 
> 
> _______________________________________________
> This message sent by the FRPythoneers mailing list.
> Unsubscribe: echo unsubscribe | FRPythoneers-request at lists.community.tummy.com
> URL: http://lists.community.tummy.com/mailman/listinfo/frpythoneers

-- 
Regards,                    tummy.com, ltd 
Evelyn Mitchell             Linux Consulting since 1995
efm at tummy.com               Senior System and Network Administrators
                            http://www.tummy.com/



More information about the FRPythoneers mailing list