Python mTLS Client Example

A simple HTTPS client with mutual TLS authentication using Python's built-in modules.

Features

  • ✅ Mutual TLS authentication
  • ✅ Server certificate verification
  • ✅ Multiple endpoint tests
  • ✅ No external dependencies (uses stdlib only)
  • ✅ Pretty printed JSON output

Prerequisites

  • Python 3.7+ (built-in ssl and urllib modules)
  • Certificates generated by the mtls CLI tool
  • Running mTLS server (Python, Node.js, Go, or Caddy)

Setup

# No dependencies needed for basic functionality
# Optional: Install alternative HTTP library
pip install -r requirements.txt

Running the Client

# Make executable (optional)
chmod +x client.py

# Run directly
python3 client.py

# Or
./client.py

What It Tests

The client tests 4 endpoints:

  1. GET / - Main endpoint, displays client certificate info
  2. GET /health - Health check endpoint
  3. GET /api/data - Fetches sample data with metadata
  4. POST /api/echo - Sends JSON and receives echo response

Certificate Loading

The client creates an SSL context with mTLS:

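import ssl

# Client-side context; refuse anything older than TLS 1.2
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.minimum_version = ssl.TLSVersion.TLSv1_2

# Load the certificate and private key the client presents to the server
context.load_cert_chain(
    certfile='server-cert.pem',
    keyfile='server-key.pem'
)

# Load CA for server verification
context.load_verify_locations(cafile='ca-cert.pem')

# Verify server certificate and hostname
# (PROTOCOL_TLS_CLIENT enables both by default; set explicitly for clarity)
context.check_hostname = True
context.verify_mode = ssl.CERT_REQUIRED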

Configuration

You can modify the server URL in client.py:

SERVER_URL = "https://localhost:8443"

Example Output

🔒 mTLS Python Client
=====================

📡 Test 1: Main endpoint (GET /)
✅ Status: 200
   Message: mTLS Python Server
   Client Certificate: localhost
   Verified: True
   Server Time: 2024-01-15T10:30:00.000000

📡 Test 2: Health check (GET /health)
✅ Status: 200
   Response: OK

📡 Test 3: API data (GET /api/data)
✅ Status: 200
   Data:
   {
     "timestamp": "2024-01-15T10:30:00.000000",
     "client": { ... },
     "server": { ... }
   }

📡 Test 4: Echo test (POST /api/echo)
✅ Status: 200
   Response: { ... }

✅ All tests completed successfully!

Alternative: Using Requests Library

If you prefer the requests library (install with pip install requests):

import requests

# Create session with certificates
session = requests.Session()
session.cert = ('server-cert.pem', 'server-key.pem')
session.verify = 'ca-cert.pem'

# Make request
response = session.get('https://localhost:8443/')

Troubleshooting

Connection refused:

  • Make sure the server is running on the correct port
  • Check if certificates are in the correct location

Certificate verification failed:

  • Ensure all certificates are signed by the same CA
  • Check certificate expiration dates
  • Verify CA certificate is loaded correctly

SSL protocol error:

  • Server might not support the TLS version
  • Certificate might be corrupted or in the wrong format

Hostname doesn't match:

  • With check_hostname=True, the hostname in the server URL must match the certificate's CN/SAN
  • For localhost testing, certificate must include 'localhost' in SAN
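
The troubleshooting categories above can be told apart programmatically from the exception the stdlib raises. This is an added example, not code from the project's client.py; the function names diagnose and fetch are hypothetical, and context is assumed to be the SSL context built as in Certificate Loading.

```python
import ssl
import urllib.error
import urllib.request

# OpenSSL X509 verify result codes (x509_vfy.h)
X509_V_ERR_CERT_HAS_EXPIRED = 10
X509_V_ERR_HOSTNAME_MISMATCH = 62


def diagnose(exc):
    """Return the troubleshooting heading that matches exc."""
    # urllib wraps socket and ssl errors in URLError; unwrap to the cause.
    if isinstance(exc, urllib.error.URLError) and isinstance(exc.reason, BaseException):
        exc = exc.reason
    if isinstance(exc, ConnectionRefusedError):
        return "Connection refused"
    # Test the subclass first: SSLCertVerificationError is also an SSLError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        # verify_code is set by the ssl module on real handshake failures.
        code = getattr(exc, "verify_code", None)
        if code == X509_V_ERR_HOSTNAME_MISMATCH:
            return "Hostname doesn't match"
        if code == X509_V_ERR_CERT_HAS_EXPIRED:
            return "Certificate verification failed (expired)"
        return "Certificate verification failed"
    if isinstance(exc, ssl.SSLError):
        return "SSL protocol error"
    return "Unclassified: " + type(exc).__name__


def fetch(url, context, timeout=5):
    """GET url with the mTLS context; return (status, None) or (None, heading)."""
    opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=context))
    try:
        with opener.open(url, timeout=timeout) as resp:
            resp.read()  # with TLS 1.3 a server-side rejection can surface on read
            return resp.status, None
    except OSError as exc:  # URLError and ssl.SSLError are both OSError subclasses
        return None, diagnose(exc)


if __name__ == "__main__":
    # Constructed exceptions standing in for real connection failures.
    mismatch = ssl.SSLCertVerificationError(1, "constructed")
    mismatch.verify_code = X509_V_ERR_HOSTNAME_MISMATCH
    refused = urllib.error.URLError(ConnectionRefusedError(111, "constructed"))
    for exc in (mismatch, ssl.SSLError(1, "constructed"), refused):
        print(type(exc).__name__, "->", diagnose(exc))
```

Logging the returned heading together with the raw exception text keeps the verification result visible without ever relaxing check_hostname or verify_mode to get past an error.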