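# --- CLIENT CODE ---
# Connects to the TLS server below and prints the first line it receives.
# Run it without a client certificate to see at which point a server that
# demands one (CERT_REQUIRED) actually rejects the connection.
import ssl
import asyncio


async def main():
    """Open a TLS connection to localhost:4443 and print one received line.

    Prints the line returned by ``reader.readline()`` together with
    ``reader.at_eof()``. The writer is closed even if the read raises.
    """
    # Passing cafile to create_default_context() makes server.cert the only
    # trust anchor. Calling it without cafile/capath/cadata also loads the
    # system CA store, which would widen what this client accepts. This also
    # matches how the server section builds its context.
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH,
                                     cafile='server.cert')

    # Load client certificate to check it works when provided
    # ctx.load_cert_chain(certfile='client.cert', keyfile='client.key')

    # Without a verified certificate, that should fail...
    # NOTE: with TLS 1.3 the client finishes its side of the handshake before
    # the server has validated the client certificate, so open_connection()
    # can return normally even though the server is about to reject the peer.
    # The rejection then surfaces on the first read or write (an exception or
    # an immediate EOF, depending on the Python/OpenSSL version). A returned
    # connection is therefore not proof that mutual authentication succeeded.
    reader, writer = await asyncio.open_connection('localhost', 4443, ssl=ctx)
    try:
        print('receiving:', await reader.readline(), reader.at_eof())
    finally:
        # Release the transport even when the read fails with a TLS alert.
        writer.close()


if __name__ == '__main__':
    asyncio.run(main())


# --- SERVER CODE ---
# TLS server that requires every client to present a certificate that
# validates against client.cert.
import ssl
import asyncio


async def client_cb(reader, writer):
    """Greet a connected client with one line, then close the stream.

    asyncio invokes this callback only once the server-side TLS handshake has
    completed, so the 'client connection!' line is a server-side indication
    that the client certificate was accepted.
    """
    print('client connection!', reader, writer)
    writer.write(b'hello!\n')
    writer.close()


async def main():
    """Serve on localhost:4443 over TLS, requiring a client certificate."""
    # client.cert is the only CA the server trusts for client certificates.
    ctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH,
                                     cafile='client.cert')
    # A CLIENT_AUTH context does not request a client certificate by default;
    # CERT_REQUIRED is what turns this into mutual TLS.
    ctx.verify_mode = ssl.VerifyMode.CERT_REQUIRED
    ctx.load_cert_chain(certfile='server.cert', keyfile='server.key')

    # Uncomment this and client connections without cert will fail...
    # ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # NOTE: this cap is a diagnostic toggle that moves the failure to connect
    # time on the client; it is not a substitute for the client treating an
    # error or EOF on its first I/O as a failed authentication.

    server = await asyncio.start_server(client_cb, host='localhost',
                                        port=4443, ssl=ctx)
    print('start serving forever')
    await server.serve_forever()


if __name__ == '__main__':
    asyncio.run(main())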