davka davka - 3 months ago 21
Python Question

How to create a dual-authentication HTTPS client in Python without (L)GPL libs?

Both the client and the server are internal, each has a certificate signed by the internal CA and the CA certificate. I need the client to authenticate the server's certificate against the CA certificate it has. It also should send its certificate to the server for authentication.

The urllib2 manual says that server authentication is not performed. PycURL is a natural alternative but its license is not approved yet. I would also prefer not having to compile the library from the source code but to use RPM instead.

I went over a bunch of libraries like requests, httplib2 and don't see what I need. There is also the ssl module but I don't feel like implementing http myself if I don't absolutely must.

Python 2.6 on RHEL 5.7

Answer

well, the winner (almost) is httplib2 v0.7. Starting from this version it supports SSL certificate authentication. Here's the sample code

import httplib2
client = httplib2.Http(ca_certs='ca.crt')
client.add_certificate(key='client_private_key.pem', cert='cert_client.pem', domain='')
headers, resp = client.request(query)

Note the domain='' parameter, it didn't work for me otherwise.

PS. unfortunately this simple solution does not work for me as I forgot to mention additional requirement - having RPM installation for RHEL 5.7 & Python 2.6.