Hi Dave,
yes, the ssl parameter is new to ApplicationRunner.
To conenct to a server "
example.com" that is using a self-signed
certificate "certData", you need to
from twisted.internet import ssl
authority = ssl.Certificate.loadPEM(certData)
options = ssl.optionsForClientTLS(u'
example.com', authority)
http://twistedmatrix.com/documents/current/core/howto/ssl.html#tls-echo-client
and use "options" for the ssl parameter to ApplicationRunner.
You only need the certificate of that server, not the key (which stays
private).
> 1) Do we need to create this CertificateOptions parameter from our own
> cert/key?
Yes, from the certificate. See above.
>
> 2) To save time, is there an example of how to do this somewhere? (If
> not, since twisted.internet.ssl.optionsForClientTLS() is used in
> ApplicationRunner for the default case; I guess we can look into using
> that.)
I don't think we have an example.
>
> 3) If the ApplicationRunner client is connecting to a remote
> Crossbar.io, do we need to have the remote cert/key on the client as
> well so we can create the CertificateOptions for the connection from
them?
You either need the CA cert (or the self-signed cert) OR you can disable
server verification altogether.
Hope this helps,
Cheers,
/Tobias
> --
> You received this message because you are subscribed to the Google
> Groups "Autobahn" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
autobahnws+...@googlegroups.com
> <mailto:
autobahnws+...@googlegroups.com>.
> To post to this group, send email to
autob...@googlegroups.com
> <mailto:
autob...@googlegroups.com>.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/autobahnws/532fe291-eda8-4147-90e3-257f0fd8708a%40googlegroups.com
> <
https://groups.google.com/d/msgid/autobahnws/532fe291-eda8-4147-90e3-257f0fd8708a%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit
https://groups.google.com/d/optout.