Simple HTTPS python server to detect whether it's connected through ca-cert or not?
First I create a ca-cert key pair with
```text
openssl req -new -x509 -keyout private_key.pem -out public_cert.pem -days 365 -nodes
Generating a RSA private key
..+++++
.................................+++++
writing new private key to 'private_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:35.222.65.55 <----------------------- this ip should be server ip very important
Email Address []:
```
Now I run a server with python code

```python
# libraries needed:
from http.server import HTTPServer, SimpleHTTPRequestHandler
import ssl

# address set
server_ip = '0.0.0.0'
server_port = 3389

# configuring HTTP -> HTTPS
httpd = HTTPServer((server_ip, server_port), SimpleHTTPRequestHandler)
# ssl.wrap_socket() is deprecated since Python 3.7 and removed in 3.12;
# build an SSLContext and let it wrap the listening socket instead
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(certfile='./public_cert.pem', keyfile='./private_key.pem')
httpd.socket = context.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()
```
Now this server can be connected to both in the secure (ca-cert) case and in the ignore-ca-cert case when using SSL, that is

```shell
curl --cacert public_cert.pem --cert-type PEM https://35.222.65.55:3389
```

and

```shell
curl -k https://35.222.65.55:3389
```

will work.

How to detect if the request is ignore-ca-cert or not from the server side?

Solution 1:

How to not allow an insecure connection from the server side?
The server side has no control over the certificate validation done at the client side. The server has no knowledge if the client has verified the certificate or not. Nothing in the exchanged data indicates if the client is doing a curl -k or a curl without this option. Thus it is not possible to stop clients with broken or disabled validation from connecting to the server.
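One way to see the answer's point in a running process, as an added example that is not part of the original question or answer: it assumes the openssl CLI is on PATH, builds a throwaway self-signed certificate for localhost, then connects to an in-process TLS server once with a verifying client (the curl --cacert case) and once with verification switched off (the curl -k case), recording everything the server side can observe about each handshake.

```python
import os, shutil, socket, ssl, subprocess, tempfile, threading

def make_self_signed(dirpath):
    """Create a throwaway self-signed cert/key for localhost with the openssl CLI (assumed on PATH)."""
    cert, key = os.path.join(dirpath, "cert.pem"), os.path.join(dirpath, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-keyout", key, "-out", cert, "-subj", "/CN=localhost",
                    "-addext", "subjectAltName=DNS:localhost"], check=True, capture_output=True)
    return cert, key

def server_view(server_ctx, client_ctx):
    """Serve one TLS connection on localhost and return what the server side can observe about it."""
    seen, errors = {}, []
    with socket.socket() as lsock:
        lsock.bind(("127.0.0.1", 0))
        lsock.listen(1)
        port = lsock.getsockname()[1]
        def accept_one():
            raw, _ = lsock.accept()
            try:
                with server_ctx.wrap_socket(raw, server_side=True) as tls:
                    # protocol version, negotiated cipher, peer cert (none: clients send no cert
                    # here) and the first request bytes are all the server ever gets to see
                    seen.update(version=tls.version(), cipher=tls.cipher()[0],
                                client_cert=tls.getpeercert(), request=tls.recv(64))
            except Exception as exc:
                errors.append(exc)
        worker = threading.Thread(target=accept_one)
        worker.start()
        with socket.create_connection(("127.0.0.1", port)) as raw:
            with client_ctx.wrap_socket(raw, server_hostname="localhost") as tls:
                tls.sendall(b"GET / HTTP/1.0\r\n\r\n")
        worker.join()
    if errors:
        raise errors[0]
    return seen

def compare_clients():
    """Server's view of a verifying client (curl --cacert) and of a non-verifying one (curl -k)."""
    if shutil.which("openssl") is None:
        return None  # no openssl CLI available, so no certificate to test with
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_self_signed(tmp)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)
        verifying = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
        verifying.load_verify_locations(cafile=cert)         # trusts only our self-signed cert
        insecure = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # like curl -k: validation off
        insecure.check_hostname = False
        insecure.verify_mode = ssl.CERT_NONE
        return server_view(server_ctx, verifying), server_view(server_ctx, insecure)
```

Both dictionaries come back identical: the server records the same version, cipher, absent client certificate and request bytes whether or not the client validated the certificate.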
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
