SSL, X509, ASN.1 and certificate validity dates

I was curious about how SSL certificates store validity information (for example when a certificate expires), so I ended up reading the X509 specification (excitingly called “Internet X.509 Public Key Infrastructure Certificate and CRL Profile”), as well as the ASN.1 information for UTCTimes. This is all new to me, but I am sure lots of other people understand this.

In the end it wasn’t too hard, and now I have hacked support for displaying certificate validity into Python’s TLSlite. The point of this post is mainly so I can find that documentation again if I need it, although I’ll put the TLSlite patch online as soon as I have had a chance to test it a little better.
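The validity dates discussed above sit in a two-element ASN.1 SEQUENCE (notBefore, notAfter) whose members are UTCTime or GeneralizedTime values. The following is an added example, not the TLSlite patch or any code from this post: the function names and the sample bytes are constructed for illustration, and it decodes only the DER Validity structure rather than a whole certificate.

```python
from datetime import datetime, timezone

SEQUENCE, UTC_TIME, GENERALIZED_TIME = 0x30, 0x17, 0x18

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, value):
    """Decode a certificate Time: UTC only, seconds present, 'Z' suffix."""
    text = value.decode("ascii")
    if not (text.endswith("Z") and text[:-1].isdigit()):
        raise ValueError("time must be digits followed by Z")
    if tag == UTC_TIME and len(text) == 13:
        yy = int(text[:2])
        # X.509 profile pivot: 50-99 -> 19YY, 00-49 -> 20YY.
        # (strptime's %y pivots at 69, so it is not used here.)
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), text[2:-1]
    elif tag == GENERALIZED_TIME and len(text) == 15:
        year, rest = int(text[:4]), text[4:-1]
    else:
        raise ValueError("not a UTCTime/GeneralizedTime in certificate form")
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)

def parse_validity(der):
    """Decode Validity ::= SEQUENCE { notBefore Time, notAfter Time }."""
    tag, body, _ = read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("Validity must be a SEQUENCE")
    t1, v1, pos = read_tlv(body, 0)
    t2, v2, _ = read_tlv(body, pos)
    return parse_time(t1, v1), parse_time(t2, v2)

def is_current(der, now):
    """True when now falls inside [notBefore, notAfter]."""
    not_before, not_after = parse_validity(der)
    return not_before <= now <= not_after

# Constructed sample: notBefore as UTCTime, notAfter as GeneralizedTime.
SAMPLE = b"\x30\x20" + b"\x17\x0d" + b"061025112502Z" + b"\x18\x0f" + b"20500101000000Z"
```

Pass `is_current` a timezone-aware `datetime`; comparing against a naive one raises `TypeError`, which is the safer failure for an expiry check.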

Getting Google Talk working with PyXMPP

Jacek Konieczny has written the wholly fantabulous PyXMPP, which implements Jabber clients and servers in Python. Now, Google Talk is a Jabber server, but it needs TLS support before it works. The code is all there, but the echobot example in the download (look in the examples directory) doesn’t show you how. It’s not that hard though — here’s the patch I needed to make it work:

    --- echobot.py  2005-12-26 07:25:55.000000000 -0800
    +++ echobot2.py 2006-10-25 04:25:02.000000000 -0700
    @@ -13,6 +13,7 @@
    
     from pyxmpp.all import JID,Iq,Presence,Message,StreamError
     from pyxmpp.jabber.client import JabberClient
    +from pyxmpp import streamtls
    
     class Client(JabberClient):
         """Simple bot (client) example. Uses `pyxmpp.jabber.client.JabberClient`
    @@ -28,8 +29,12 @@
    
             # setup client with provided connection information
             # and identity data
    +
    +        tls = streamtls.TLSSettings(require=True, verify_peer=False)
    +        auth = ['sasl:PLAIN']
             JabberClient.__init__(self, jid, password,
    -                disco_name="PyXMPP example: echo bot", disco_type="bot")
    +                disco_name="PyXMPP example: echo bot", disco_type="bot",
    +                tls_settings=tls, auth_methods=auth)
    
             # register features to be announced via Service Discovery
             self.disco_info.add_feature("jabber:iq:version")
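Review bot: verify_peer=False on the TLSSettings(...) line turns off server certificate verification, and the following line restricts authentication to sasl:PLAIN, so the account password is sent over a TLS session whose peer was never authenticated. require=True only guarantees encryption, not that the other end is the intended server. Suggest verify_peer=True with a trusted CA bundle supplied to TLSSettings, keeping require=True so PLAIN is never used without TLS. The added blank line ahead of the tls assignment also leaves two blank-looking lines around the comment block and can be dropped.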
    

That makes the __init__ method for the client:

    def __init__(self, jid, password):
    
        # if bare JID is provided add a resource -- it is required
        if not jid.resource:
            jid=JID(jid.node, jid.domain, "Echobot")
    
        # setup client with provided connection information
        # and identity data
    
        tls = streamtls.TLSSettings(require=True, verify_peer=False)
        auth = ['sasl:PLAIN']
        JabberClient.__init__(self, jid, password,
                disco_name="PyXMPP example: echo bot", disco_type="bot",
                tls_settings=tls, auth_methods=auth)
    
        # register features to be announced via Service Discovery
        self.disco_info.add_feature("jabber:iq:version")
    

Now the client works with a gtalk login:

    $ ./echobot2.py username@gmail.com supersecretthingie
    creating client...
    connecting...
    *** State changed: resolving srv (u'gmail.com', 'xmpp-client') ***
    *** State changed: resolving 'talk.l.google.com.' ***
    *** State changed: connecting ('72.14.253.125', 5222) ***
    *** State changed: connected ('72.14.253.125', 5222) ***
    looping...
    *** State changed: tls connecting  ***
    *** State changed: tls connected  ***
    *** State changed: fully connected  ***
    *** State changed: authenticated  ***
    *** State changed: binding u'Echobot' ***
    *** State changed: authorized  ***
    mikalstill@gmail.com/Gaim6734F991 has become available
    mikalstill@gmail.com/GaimD2ECF56B has become available(away): I'm not at my
    desk at work at the moment. This is probably because I'm at a meeting or
    racing electric scooters. If you IM me I will see the message when I get back.
    My roster:
    mikalstill@gmail.com "" subscription=both groups=
    Message from mikalstill@gmail.com/Gaim6734F991 received. Body: "Hello there". Type: "chat".
    disconnecting...
    exiting...
    $
    

Too easy.

Update: mbot is a Google Talk bot engine built on top of this.

Twisted Python and Jabber SSL

Ok, so I thought it would be cool to be able to send Google Talk messages to my MythTV box. Can’t be too hard to write a twisted python jabber client, can it? Well, after an hour of surfing, I give up. I have the simple jabber client example, but it totally doesn’t work with the Google servers, I suspect because it doesn’t do SSL. I can see one of the twisted.words maintainers filing bugs against the xish stuff too, which I suspect means it’s going to be a while.

A little bit disappointing, methinks.