README
======

Documentation
-------------

https://docs.python.org/3/library/ssl.html

Certificate Generation
----------------------

Let's start by generating our own certificate authority (CA).

   $ certtool --generate-privkey --outfile ca.key
   $ certtool --generate-self-signed --load-privkey ca.key --outfile ca.crt
   $ certtool --certificate-info --infile ca.crt   

  * Most fields can be left empty.
  * Common name: CA
  * The certificate will expire in (days): 255  
  * Does the certificate belong to an authority? (y/N): y
  * Will the certificate be used to sign other certificates? (y/N): y

Now let's generate our server's certificate. Here, to run our client/server tests locally, we will use @IP=127.0.0.1.

   $ certtool --generate-privkey --outfile server.key
   $ certtool --generate-certificate --load-privkey server.key --outfile server.crt --load-ca-certificate ca.crt --load-ca-privkey ca.key
   $ certtool --certificate-info --infile server.crt
   
  * Most fields can be left empty.
  * CN=@IP
  * DNSName=@IP			# useful ?
  * IP address=@IP		# useful ?
  * The certificate will expire in (days): 255
  * Will the certificate be used for signing (required for TLS)? (y/N): y
  * Will the certificate be used for encryption (not required for TLS)? (y/N): y

We can check our certificates with GnuTLS:

  $ gnutls-serv --echo --x509keyfile=server.key --x509certfile=server.crt --port=7777
  $ gnutls-cli --x509cafile ca.crt -p 7777 127.0.0.1


SSL Client/Server Echo in Python3
---------------------------------

  $ ./sslserver.py
  $ ./sslclient.py
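
As an added example (not the repository's own sslserver.py / sslclient.py), here is a minimal TLS echo pair built on the ssl module documented above. It assumes the files ca.crt, server.crt and server.key generated earlier are in the current directory and reuses port 7777; the function names are hypothetical.

```python
import socket
import ssl
import sys

HOST, PORT = "127.0.0.1", 7777  # assumed: same address and port as the GnuTLS check


def server_context(certfile=None, keyfile=None):
    """TLS server context; presents server.crt / server.key when given."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def client_context(cafile=None):
    """TLS client context that trusts only our own CA (ca.crt) when given."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and check_hostname by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def serve_once(ctx, host=HOST, port=PORT):
    """Accept one TLS connection and echo back whatever the client sends."""
    with socket.create_server((host, port)) as listener:
        conn, _ = listener.accept()
        with ctx.wrap_socket(conn, server_side=True) as tls:
            while data := tls.recv(4096):
                tls.sendall(data)


def echo(ctx, message, host=HOST, port=PORT):
    """Send message over TLS and return the echoed bytes."""
    with socket.create_connection((host, port)) as raw:
        # server_hostname is the name compared with the certificate; for an
        # IP literal it is matched against the certificate's IP address SAN.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(message)
            return tls.recv(4096)


if __name__ == "__main__":
    if sys.argv[1:] == ["server"]:
        serve_once(server_context("server.crt", "server.key"))
    else:
        print(echo(client_context("ca.crt"), b"hello"))
```

Run it with the argument `server` in one terminal and without arguments in another. If the server certificate does not cover 127.0.0.1 or was not signed by ca.crt, the client raises ssl.SSLCertVerificationError.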
