Discussion:
Two-way ssl authentication for flask/werkzeug
Eduardo Robles
2013-06-08 15:52:15 UTC
Permalink
Hello everyone,

I haven't found how one should do two-way ssl authentication with
flask/werkzeug. Is that even possible?

Regards,
Eduardo
--
You received this message because you are subscribed to the Google Groups "pocoo-libs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pocoo-libs+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
To post to this group, send email to pocoo-libs-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
Visit this group at http://groups.google.com/group/pocoo-libs?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
yegle
2013-06-08 16:02:15 UTC
Permalink
I think werkzeug/flask don't handle SSL at all, you need to do it on the
web server like nginx/apache.

Common practice is to setup SSL client verification on webserver. when
verification succeed, add a value to environment variable so that you can
read client cert information in werkzeug/flask

This might be wrong since I only have experience of setting SSL client
verification for PHP application on nginx.
Post by Eduardo Robles
Hello everyone,
I haven't found how one should do two-way ssl authentication with
flask/werkzeug. Is that even possible?
Regards,
Eduardo
--
You received this message because you are subscribed to the Google Groups
"pocoo-libs" group.
To unsubscribe from this group and stop receiving emails from it, send an
.
Visit this group at http://groups.google.com/group/pocoo-libs?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
yegle
http://about.me/yegle
--
You received this message because you are subscribed to the Google Groups "pocoo-libs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pocoo-libs+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
To post to this group, send email to pocoo-libs-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
Visit this group at http://groups.google.com/group/pocoo-libs?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Eduardo Robles Elvira
2013-06-08 16:07:27 UTC
Permalink
I think werkzeug/flask don't handle SSL at all, you need to do it on the web
server like nginx/apache.
Common practice is to setup SSL client verification on webserver. when
verification succeed, add a value to environment variable so that you can
read client cert information in werkzeug/flask
This might be wrong since I only have experience of setting SSL client
verification for PHP application on nginx.
Hello yegle:

Thanks, that's exactly what mitshiko answered via irc: I have to do
that with nginx. I'll use $ssl_client_raw_cert or $ssl_client_cert to
add a header which will be available to my flask app. More
information:

http://blog.nategood.com/client-side-certificate-authentication-in-ngi
http://nginx.org/en/docs/http/ngx_http_ssl_module.html

--
Eduardo Robles Elvira +34 668 824 393 skype: edulix2
http://www.wadobo.com it's not magic, it's wadobo!
--
You received this message because you are subscribed to the Google Groups "pocoo-libs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pocoo-libs+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
To post to this group, send email to pocoo-libs-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
Visit this group at http://groups.google.com/group/pocoo-libs?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Loading...