Home/ Questions/Q 8224533
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T15:06:12+00:00

What is the best way to debug a Django app that runs on top

  • 0

What is the best way to debug a Django app that runs on top of TLS/SSL?

Background:

I have a Django web app that uses X.509 client side certificates for authentication. When running under Apache, my app can only be reached via HTTPS. Clients that connect to the app provide a client side certificate which Apache validates and then forwards to the app in an environment variable. The app parses the certificate and provides access controlled content.

So far, I have only been able to debug the app under regular HTTP, with “./manage.py runserver”. I have simulated an HTTPS connection by using a custom view handler middleware that kicks in, in debug mode. The view handler adds information to the request, similar to the information that would be parsed out of an actual client side certificate when run under HTTPS.

It would make debugging much easier for me if I could debug with the actual client side certificates that clients provide when connecting via HTTPS.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    We use nginx in front of Django, with client certificate checking. NGINX does the SSL termination, client cert validation, and checking against revocation list. The client cert fields are passed in header variables up to the django app.

    So then our django app doesn’t receive the cert, it just looks at the header variables. I think the same mechanism applies in Apache.

    For clients accessing the development server (e.g. ‘./manage.py runserver’), we simply have a special case in the client. Example of a python client:

      if (proto == "https"):
    conn = http.client.HTTPSConnection( "cert."+webhost+":"+port,
                                        key_file = certfile, cert_file = certfile)
    headers = {}
  else:
    # fake client for local connections.  pass cert info in headers, as it would come
    # out of nginx
    conn = http.client.HTTPConnection( webhost+":"+port)
    headers = { 'X_SSL_CLIENT_S_DN':'/C=US/ST=California/O=yyyy/CN=zzzz',
                'X_SSL_CLIENT_I_DN':'/C=US/ST=California/O=xxxx/CN=wwww',
                'X_SSL_CLIENT_SERIAL':hex(serialnum),
                'USER_AGENT':"test client user agent",}

    For unit tests, we do the same thing using the Django test client:

      from django.test.client import Client
  self.client = Client()
  response = self.client.get(url, data,
                **{
                'HTTP_X_SSL_CLIENT_S_DN':'/C=US/ST=California/O=yyyy/CN=zzzz',
                'HTTP_X_SSL_CLIENT_I_DN':'/C=US/ST=California/O=xxxx/CN=wwww',
                'HTTP_X_SSL_CLIENT_SERIAL':hex(serialnum),
                'HTTP_USER_AGENT':"test client user agent",
                })
    • 0