Using SSL Certificate, PrivateKey, CertChains with Python Flask/Twisted
from OpenSSL.crypto import load_privatekey, load_certificate, FILETYPE_PEM
#from OpenSSL.SSL import SSLv3_METHOD
from twisted.internet import reactor
from twisted.internet.ssl import CertificateOptions, DefaultOpenSSLContextFactory, DiffieHellmanParameters
from twisted.web import proxy, server
from twisted.python.filepath import FilePath
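sample_site = server.Site(proxy.ReverseProxyResource('localhost', 80, '')) # ignore it: placeholder resource so the listener has something to serve.


def _load_pem_certificate(path):
    """Return the X509 object parsed from the PEM certificate file at *path*.

    Shared by the server certificate and every chain certificate below so the
    read-and-parse step is written once instead of four times.
    """
    return load_certificate(FILETYPE_PEM, FilePath(path).getContent())


# Two ways to build the TLS context in Twisted:
#  - DefaultOpenSSLContextFactory('server.key', 'server.crt'): key + cert only,
#    no DH parameters and no intermediate chain (the original notes labelled
#    this variant "AES256-SHA").
#  - CertificateOptions (used below): also carries DH parameters and the
#    intermediate chain (labelled "ECDHE-RSA-AES256-SHA" in the original notes).
certOptions = CertificateOptions(
    # PKey object. The file holds the unencrypted private key, so keep its
    # filesystem permissions restricted to the account running the reactor.
    privateKey=load_privatekey(FILETYPE_PEM, FilePath("private.key").getContent()),
    # X509 object for the leaf (server) certificate.
    certificate=_load_pem_certificate("server.crt"),
    # No explicit `method=`: a `method=SSLv3_METHOD` line used to sit here and
    # was commented out when SSLv3 was disabled; leaving it unset falls back to
    # CertificateOptions' own default protocol selection.
    # NOTE(review): a 1024-bit DH group is below current recommendations
    # (2048 bits or more). Regenerate the parameter file with a larger size
    # and point this path at it; the filename is kept unchanged here so the
    # snippet still runs against the existing file.
    dhParameters=DiffieHellmanParameters.fromFile(FilePath('dh_param_1024.pem')),
    # Intermediate certificates sent after the leaf. Order matters: each
    # certificate should be the issuer of the one before it (the leaf's issuer
    # first, then its issuer, and so on). A mis-ordered chain is rejected by
    # many clients even though every certificate in it is valid.
    extraCertChain=[
        _load_pem_certificate(filename)
        for filename in ("chain1.crt", "chain2.crt", "chain3.crt")
    ],
)

# Serve sample_site over TLS on 443. reactor.run() blocks until the reactor is
# stopped, so nothing placed after it in this file runs in the meantime.
reactor.listenSSL(443, sample_site, certOptions)
reactor.run()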
from flask import Flask
# Flask's bundled development server can terminate TLS itself: give it the
# PEM certificate file (leaf first, then the chain, concatenated) and the key
# file. That server is meant for development, and '0.0.0.0' binds every
# interface on the host, so front a real deployment with a production WSGI
# server or TLS terminator instead.
app = Flask(__name__)
app.run(
    host='0.0.0.0',
    port=443,
    ssl_context=('merged.crt', 'private.key'),  # cat server.crt chain1.crt chain2.crt ... > merged.crt
)
minhoryang commented Apr 25, 2015

For extraCertChain, pass the certificate files in hierarchical order.
(I'm not sure what happens if they aren't ordered.)

minhoryang commented Apr 25, 2015

SSLv3 was disabled. (DisableSSL3.com)
