1
This example shows the SSL features of Pyro.
3
The server is created using the PYROSSL protocol, and will only
4
accept SSL connections. It installs a connection validator that
5
prints some info about the client's SSL certificate.
7
The client code is no different than regular Pyro clients,
8
because the Proxy (actually the protocol adapter) knows how
9
to deal with the PYROSSL: protocol.
11
Take a peek in the nameserver, you'll see that the server is
12
registered with a PYROSSL: uri.
15
The "certs" directory contains a bunch of example certificates.
16
Make sure that this directory can be found by Pyro.
17
(the location is specified in the PYROSSL_CERTDIR config item,
18
which defaults to "certs" in the PYRO_STORAGE directory,
19
which is by default the current directory).
21
NOTE: the supplied example certificates are only there to let
22
you initialise the SSL layer. M2Crypto/SSL will check the hostname
23
of the certificate (if it does its job), and will revoke it
24
(because I put in the hostname pyro.sourceforge.net).
26
See m2crypto homepage ( http://wiki.osafoundation.org/Projects/MeTooCrypto ) or
27
openssl documentation ( http://www.openssl.org ) for instructions on how to
28
create your own ca and server/client certificates. Here is a good guide:
29
<http://sial.org/howto/openssl/ca/> (Yes, use the Local CA and create
30
two certificates-- one for the server and one for the client).
31
Important: the creation of the CA .csr (req) files must be done in a different
32
directory, each with its own host.key. The final creation of the server.pem and
33
client.pem file is done by concatenating the requester host.key and the .cert
37
NOTE: the demo certificates provided are valid until january 2009.
38
At that moment I'll have to create new demo certificates.