path: root/doc/howto.https.docbook
blob: c097e0c453ee8133813813251cf019d52b86ed53 (plain)
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
  <!ENTITY m2-blurb SYSTEM "m2_blurb.docbook">
]>

<article>
    <articleinfo>
    <title>HOWTO: Programming HTTPS in Python with M2Crypto</title>

    <author>
      <firstname>Pheng Siong</firstname>
      <surname>Ng</surname>
      <affiliation>
        <address><email>ngps@netmemetic.com</email></address>
      </affiliation>
    </author>

    <copyright>
      <year>2001</year>
      <year>2002</year>
      <holder>Ng Pheng Siong.</holder>
    </copyright>

    <revhistory>
      <revision>
      <revnumber>$Revision: 1.1 $</revnumber>
      <date>$Date: 2003/06/22 16:41:18 $</date>
      </revision>
    </revhistory>
    </articleinfo>

    <sect1 id="introduction">
    <title>Introduction</title>
    &m2-blurb;

    <para>This document demonstrates programming HTTPS clients and servers
    with M2Crypto.
    </para>
    </sect1>

    <sect1 id="https"> 
    <title>Programming HTTPS</title> 
    <para>HTTPS - HTTP over SSL/TLS 
    <citation>RFC XXXX</citation> - provides a XXX
    </para> 

    <para>Python has had good HTTP support for several years now. M2Crypto's
    HTTPS functionality mostly adopts the interfaces in Python's HTTP modules.
    </para>

    <para>In this HOWTO, we shall begin by writing HTTPS clients. Now, to
    test the HTTPS clients we write, we need an HTTPS server; conversely, to
    test our HTTPS servers, we need an HTTPS client. ;-) </para>

    <para> All the programs we write in this HOWTO are found in
    &lt;m2crypto&gt;/demo/https.howto/. Additionally, a number of programs from
    &lt;m2crypto&gt;/demo/ssl are also copied into this directory; their names are
    prefixed by "orig". These "orig" programs shall be our known-working HTTPS
    clients and servers.  </para> </sect1>

    <sect1 id="ssldump"> 
    <title>ssldump</title> 

    <para>ssldump "is an SSLv3/TLS network protocol analyser. It identifies
    TCP connections on the chosen network interface and attempts to interpret
    them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
    decodes the records and displays them in a textual form to stdout. If
    provided with the appropriate keying material, it will also decrypt the
    connections and display the application data traffic.  
    </para>
    
    <para>
    If linked with OpenSSL, ssldump can display certificates in decoded form
    and decrypt traffic (provided that it has the appropriate keying
    material)."
    </para>

    <para>ssldump is written by Eric Rescorla.
    </para>
    </sect1>

    <sect1 id="orig-https-srv.py">
    <title>orig_https_srv.py</title>
    <para>orig_https_srv.py is an enhanced version of SimpleHTTPServer that
    features the following: </para>

    <itemizedlist mark="opencircle">
    <listitem>
    <para>Works over HTTPS.
    </para>
    </listitem>

    <listitem>
    <para>Uses one thread per connection.
    </para>
    </listitem>

    <listitem>
    <para>Generates directory listings.
    </para>
    </listitem>

    <listitem>
    <para>Displays SSL handshaking and SSL session info.
    </para>
    </listitem>

    <listitem>
    <para>Performs SSL renegotiation when a magic URL is requested.
    </para>
    </listitem>
    </itemizedlist>

    <para>Invoke orig_https_srv.py thusly:
    </para>

    <screen><prompt>$</prompt> <userinput>python orig_https_srv.py</userinput></screen>

    <para>By default, orig_https_srv.py serves HTTPS on port 9443.
    </para>
    </sect1>

    <sect1 id="history"> 
    <title>A bit of history</title> 
    <para> M2Crypto was created during the time of Python 1.5, which featured
    a module, httplib, providing client-side HTTP functionality. M2Crypto sports
    an httpslib based on httplib.
    </para>

    <para>
    Beginning with version 2.0, Python's socket module provided
    (rudimentary) SSL support. Also in the same version, httplib was
    enhanced with class HTTPConnection, which is more sophisticated than
    the old class HTTP, and HTTPSConnection, which does HTTPS.
    </para>

    <para>
    Subsequently, M2Crypto.httpslib grew a compatible (but not identical)
    class HTTPSConnection. 
    </para>
    
    <para>
    The primary interface difference between the two HTTPSConnection
    classes is that M2Crypto's version accepts an M2Crypto.SSL.Context
    instance as a parameter, whereas Python 2.x's SSL support does not
    permit Pythonic control of the SSL context.
    </para>

    <para> Within the implementations, Python's
    <classname>HTTPSConnection</classname> employs a
    <classname>FakeSocket</classname> object, which collects all input from
    the SSL connection before returning it to the application as a
    <classname>StringIO</classname> buffer, whereas M2Crypto's
    <classname>HTTPSConnection</classname> uses a buffering
    <classname>M2Crypto.BIO.IOBuffer</classname> object that works over the
    underlying M2Crypto.SSL.Connection directly.  </para> </sect1>

    <sect1 id="simple-get"> 
    <title>A simple HTTPS GET client using M2Crypto.httpslib</title> 

    <para> Let us now look at possibly the simplest HTTPS client we will ever
    write.
    </para>
    </sect1>

    <sect1 id="simple-post"> 
    <title>A simple HTTPS-POST client</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="threaded-cli"> 
    <title>A multi-threaded HTTPS client</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="async-cli"> 
    <title>An asynchronous HTTPS client</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="session-reuse"> 
    <title>Re-using SSL session </title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="threaded-reuse-cli"> 
    <title>A multi-threaded session-reusing client</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="async-reuse-cli"> 
    <title>An asynchronous session-reusing client</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="verify-server-cert"> 
    <title>Verifying server certificate</title> 
    <para>XXX
    </para>
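    <para>The following is an added example, not code from this howto or from
    M2Crypto: it shows the same "the HTTPS connection takes an SSL context"
    pattern that M2Crypto.httpslib.HTTPSConnection offers (the simple GET
    client above, and the server-certificate verification this section is
    about), written against Python 3's standard ssl and http.client modules
    so that it runs without M2Crypto. The host, port and "ca.pem" values are
    placeholders for a local orig_https_srv.py setup.</para>

```python
# Added example (not part of the M2Crypto howto): an HTTPS GET client whose
# SSL policy is set explicitly on a context object, the way M2Crypto's
# httpslib.HTTPSConnection accepts an M2Crypto.SSL.Context. Uses stdlib only.
import ssl
import http.client
from typing import Optional, Tuple


def make_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies the server certificate and its hostname.

    PROTOCOL_TLS_CLIENT already defaults to CERT_REQUIRED and check_hostname,
    but the policy is spelled out here so it is visible in code. `cafile` is
    the CA that signed the test server's certificate (placeholder path).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)   # private CA for a test server
    else:
        ctx.load_default_certs()                   # system trust store
    return ctx


def weak_context_for_comparison() -> ssl.SSLContext:
    """A context that verifies nothing; shown only so the check below has
    something to reject. Do not send real traffic over it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context rejects unverifiable or mis-named servers."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def https_get(host: str, path: str = "/", port: int = 443,
              ctx: Optional[ssl.SSLContext] = None,
              timeout: float = 10.0) -> Tuple[int, bytes]:
    """HTTPS GET returning (status, body). Refuses a non-verifying context
    up front; a failed certificate check surfaces as ssl.SSLError."""
    ctx = ctx if ctx is not None else make_client_context()
    if not context_verifies_peer(ctx):
        raise ValueError("context does not verify the server; refusing to send")
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    # Placeholder target: orig_https_srv.py on port 9443, signed by "ca.pem".
    print(https_get("localhost", "/", port=9443, ctx=make_client_context("ca.pem")))
```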
    </sect1>

    <sect1 id="using-client-cert"> 
    <title>Using client certificate</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="simple-https-server"> 
    <title>SimpleHTTPSServer</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="medusa-https-server"> 
    <title>A Medusa-based HTTPS server</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="verify-client-cert"> 
    <title>Client certificate-based authentication</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="control-session-reuse"> 
    <title>Controlling session reuse</title> 
    <para>XXX
    </para>
    </sect1>

    <sect1 id="id-kludge">
    <title></title>
    <para>
    <literal>$Id: howto.https.docbook,v 1.1 2003/06/22 16:41:18 ngps Exp $</literal>
    </para>
    </sect1>
</article>