
I have a Tornado server that provides an HTTPS connection with a self-signed certificate that I generated this way:

openssl genrsa -out privatekey.pem 1024                                         
openssl req -new -key privatekey.pem -out certrequest.csr 
openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem

The code of the server is the following:

import tornado.ioloop
import tornado.web
import tornado.httpserver
import os

class MainHandler(tornado.web.RequestHandler):
    def get(self):
        print "new client "+str(self)
        self.write("Hello, world")

application = tornado.web.Application([
    (r"/", MainHandler),
])


http_server = tornado.httpserver.HTTPServer(application,
                                            ssl_options={
        "certfile": os.path.join("./", "certificate.pem"),
        "keyfile": os.path.join("./", "privatekey.pem"),

})

if __name__ == "__main__":
    http_server.listen(443)
    tornado.ioloop.IOLoop.instance().start()

I want to have a Python client that connects to the server and checks that the server is the right server (I guess through its certificate). For the moment I did a simple client like this:

import httplib
HOSTNAME='localhost'
conn = httplib.HTTPSConnection(HOSTNAME)
conn.putrequest('GET','/')
conn.endheaders()
response = conn.getresponse()
print response.read()

What would you suggest I do? (The client will later on be a mobile app; I only use Python for prototyping.)

Thanks.

If you can provide me a client in Java that is also OK. –  lc2817 Nov 8 '11 at 3:47
    
    
related: stackoverflow.com/questions/1087227/… –  J.F. Sebastian Nov 8 '11 at 3:51
    
@J.F.Sebastian I have seen this answer already but I can't figure out how to adapt it to my case –  lc2817 Nov 8 '11 at 3:53
    
related: stackoverflow.com/q/1519074 –  J.F. Sebastian Nov 8 '11 at 3:55

2 Answers

up vote 2 down vote accepted

If you control the client side too (like in an android or iphone app) you can add your self-signed certificate to your trusted certificate store.

It is well explained here for an Android app

Thanks, could you give me more information on how to do it on an IPhone app? –  lc2817 Nov 8 '11 at 4:54

There is no way for the client to make sure that the server tells the truth. You can create a self-signed certificate for google.com.

Let's say I could register my certificate with a certificate authority, what should I do then? –  lc2817 Nov 8 '11 at 4:10
    
@lc2817: then you could use one of the answers I've linked earlier. –  J.F. Sebastian Nov 8 '11 at 4:41
    
You didn't answer my last comment on the other links. –  lc2817 Nov 8 '11 at 4:49
@lc2817: if your certificate is available locally to the client then you could add it as a trusted certificate (CA). The links contain examples (ca_certs for ssl; store.add_cert() for the answer that uses Twisted; CAINFO for pycurl). Another example: urllib2_ssl.py (use ca_certs to add your self-signed certificate to the trusted list). –  J.F. Sebastian Nov 8 '11 at 5:39
    
Thank you very much, I will try this. –  lc2817 Nov 8 '11 at 7:15
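
The approach from the comments above (trusting the self-signed certificate explicitly, as with ca_certs), as an added example that is not part of the original thread. It uses Python 3's ssl.SSLContext and http.client instead of the question's Python 2 httplib, and assumes certificate.pem has been copied to the client and that the names in it cover HOSTNAME.

```python
import http.client
import ssl

HOSTNAME = "localhost"       # must be a name the certificate was issued for
PORT = 443                   # port the Tornado server in the question listens on
CA_FILE = "certificate.pem"  # assumed: a copy of the server's certificate


def strict_context():
    """Client context with verification on and an empty trust store."""
    # PROTOCOL_TLS_CLIENT sets verify_mode=CERT_REQUIRED and check_hostname=True.
    # A bare SSLContext loads no system CAs, so nothing is trusted yet.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def pinned_context(cafile):
    """Trust only the certificate(s) in cafile (the self-signed server cert)."""
    ctx = strict_context()
    ctx.load_verify_locations(cafile=cafile)  # raises if no certificate is found
    return ctx


def fetch(host, port, cafile, path="/"):
    """GET path over HTTPS; the handshake fails with ssl.SSLError if the
    server's certificate is not the trusted one or does not match host."""
    conn = http.client.HTTPSConnection(
        host, port, context=pinned_context(cafile), timeout=10)
    try:
        conn.request("GET", path)
        return conn.getresponse().read()
    finally:
        conn.close()


if __name__ == "__main__":
    print(fetch(HOSTNAME, PORT, CA_FILE).decode())
```

Because the trust store holds only this one certificate, a server presenting any other certificate, including one signed by a public CA, is rejected during the handshake.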
