Add support for TLS/SSL mutual authentication #396
Conversation
Add support in the TLS_FTPHandler to check a client certificate. This type of support strengthens the security between the client and the server, only allowing clients with a valid certificate to connect to the server. Updated the api.rst file with the two new configurable options to make client authentication work
| @@ -3414,6 +3415,9 @@ class TLS_FTPHandler(SSLConnection, FTPHandler): | |||
| certfile = None | |||
| keyfile = None | |||
| ssl_protocol = SSL.SSLv23_METHOD | |||
| # client certificate configurable attributes | |||
There was a problem hiding this comment.
Looks like this line is still using tabs, rather than spaces.
|
Just out of curiosity, what happens when the certificate is invalid? Does it just print "Bad client certificate detected" or does the connection get refused? Should some kind of warning or exception be raised, so that it can be detected programmatically? |
|
Connection gets rejected. The error sent to the client through pyOpenSSL is a standard ssl error with the correct information in it - the client I'm using (WinSCP) shows that the certificate is invalid (or if no certificate is sent, then it shows that the server is expecting a certificate). I'll add screenshots when i create a new pull request. |
|
No need to keep creating new PRs - you can simply update the existing PR with |
|
Thanks @lurch, will do |
|
Client error screenshots (WinSCP) when attempting connection with a bad certificate and with no certificate. |
|
Anyone have ideas why Python 3.x is getting socket timeout errors in the AppVeyor build/test? |
| @@ -3449,6 +3453,15 @@ def __init__(self, conn, server, ioloop=None): | |||
|
|
|||
| def __repr__(self): | |||
| return FTPHandler.__repr__(self) | |||
|
|
|||
There was a problem hiding this comment.
flake8 (which is run by the Travis builds) is complaining about this line being blank, but still containing space characters
|
Some preliminary questions:
Some considerations:
|
| #print "Bad client certificate detected." | ||
| #else: | ||
| #print "Client certificate ok." | ||
| return ok |
There was a problem hiding this comment.
If this is called when a client connects, as I suppose, then this should be a classmethod.
|
Answers to your questions @giampaolo
|
But what happens on the server side? The client gets disconnected? When exactly? Is an exception raised? Is the callback function called before or after that happens? |
|
The client gets disconnected during the SSL handshake. Sample log: After the handshake fails, the checks you already have in place take care of handling it gracefully and the server just keeps going. |
Cleaned up the support for client certificate checking Added test file for specific client authentication tests - Good cert (allows connection) - Bad cert (does not allow connection) - No cert (does not allow connection)
|
Cleaned up code and added tests |
| CERTFILE = os.path.abspath(os.path.join(os.path.dirname(__file__), | ||
| 'keycert.pem')) | ||
| CLIENT_CERTFILE = os.path.abspath(os.path.join(os.path.dirname(__file__), | ||
| 'clientcert.pem')) |
There was a problem hiding this comment.
Looks like you forgot to add this clientcert.pem file to the PR?
Fix description in api.rst Add clientcert.pem Rename test file to avoid tests attempting to run two servers on the same port, causing all sorts of SSL mayhem and timeout issues
Fix syntax per Flake8 comments https://travis-ci.org/giampaolo/pyftpdlib/jobs/155320579
remove trailing whitespace
|
@giampaolo Apparently flake8 no longer supports Python 2.6 (https://gitlab.com/pycqa/flake8/issues/187 ) |
|
I think at this point none of the failing tests are due to my changes |
|
This PR is refined by #428 and can be closed. |
Add support for client certificat authentication in TLS_FTPHandler