Add trio example to use client cert #38

Merged
merged 5 commits into from Jan 14, 2019

🎨 Use email for client cert in docs example

webknjaz committed Jan 13, 2019
commit 7829dda8e322cae11527f8b61cc5688170f69a22
@@ -7,7 +7,7 @@
ca = trustme.CA()
client_ca = trustme.CA()
This conversation was marked as resolved by webknjaz

njsmith Dec 30, 2018

Member

I feel like for a simple "here's how it works" example, it might be better to use a single CA for both certs? Of course a more complicated test setup might want to create multiple CAs and configure trust appropriately, but even if you're starting with an example that doesn't do that, it should be obvious enough how to modify it, right?

webknjaz Dec 30, 2018

Author Member

Well, one CA could be used. It's just that the var naming helps around line 24, where it says that "client CA should be trusted by server context", which I think makes it a bit more explicit.

webknjaz Dec 31, 2018

Author Member

I can remove it if you insist

webknjaz Jan 4, 2019

Author Member

@njsmith so how do we proceed with this?

njsmith Jan 9, 2019

Member

I see what you're saying about making clear which context is using the CA for what purpose, but I think it'd be simpler and just as clear to use a single CA, and then make the comments say:

    # Set up the server's SSLContext to trust our fake CA,
    # so it can validate the client's cert.
    ca.configure_trust(server_ssl_context) 
    # Set up the client's SSLContext to trust our fake CA,
    # so it can validate the server's cert.
    ca.configure_trust(client_ssl_context) 

webknjaz Jan 13, 2019

Author Member

Agreed.

server_cert = ca.issue_cert(u"test-host.example.org")
client_cert = client_ca.issue_cert(u"@webknjaz here")
client_cert = client_ca.issue_cert(u"client@example.org")


async def demo_server(server_raw_stream):
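
Review bot: `client_cert` is still issued from `client_ca` on the changed line, and `client_ca = trustme.CA()` is still in the context at the top of the hunk, while the thread on this hunk settled on a single CA. Suggest `client_cert = ca.issue_cert(u"client@example.org")`, dropping the second CA, and putting the proposed comments on the two `ca.configure_trust(...)` calls so it stays clear which context trusts the CA for which purpose. Replacing the `u"@webknjaz here"` placeholder with an email-style identity suits a docs example; a one-line comment saying the client cert is identified by an email address rather than a hostname would help readers.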