[mod_python] Swig, and mod_ssl

Rich Salz rsalz at caveosystems.com
Thu Aug 17 15:51:10 EST 2000


> That'd be interesting to see.

Let me play with it a day or two and I'll send the patch along.

> I'd really appreciate a lamens terms explanation of what it is you're
> trying to get out of mod_ssl and what are the steps issues involved with
> it?

The simplest thing is: I want to be able to get the the DN of the client
and their entire cert, if there is one.  With this, I can do all my own
authorization rules in my python code.  Later on, I want to be able to
control what crypto protocols they're using, etc.

> I'm somwhat familiar with use of openssl to generate certificates and
> such, but I know next to nothing about mod_ssl internals.

> P.S. Does SWIG really have to be involved in order for this to work?

No.  It just saves me a lot of time. SWIG is a "compiler" that read C
(and, to some extent) C++ header files, and generates all the python
code to map the datatypes, and wrappers that convert from Py objects to
the C objects, and back.  Simple things (numbers strings) get mapped
directly, others are only exposed as pointers unless you write your own
conversions.  There are some good examples at http://www.swig.org

Ng Pheng Siong has a package, M2Crypto, that exposes most of the OpenSSL
functions up through python (via swig) -- see
http://www.post1.com/home/ngps.  So all I need is a little glue code
(i.e., my get_swig_handle patch) and I can do what I need.
	/r$



More information about the Mod_python mailing list