码迷,mamicode.com
首页 > 编程语言 > 详细

https双向认证(python)

时间:2018-04-27 18:03:33      阅读:399      评论:0      收藏:0      [点我收藏+]

标签:UI   context   max   like   AC   ssl   and   .so   pem   

SSL Client Authentication over HTTPS (Python recipe)

A 16-line python application that demonstrates SSL client authentication over HTTPS.
We also explain the basics of how to set up Apache to require SSL client authentication. This assumes at least Python-2.2 compiled with SSL support, and Apache with mod_ssl

On the server, I‘m initializing the SSLContext with my private key, the certfile provided by the CA that I‘m loading from the caroot.crt file. Now, when I initialize this with something like node, everything works fine (for example: Setting up SSL with node.js). My intentions were to set everything up the same way. My assumption is that during the handshake, the server is providing the client with a CA, just like my node server would. It seems like that‘s not the case. What am I doing wrong?

If ssl.CERT_REQUIRED isn‘t used, everything works perfectly, but I‘m wanting to validate that the endpoint (server) is who they say they are.

Server

import socket
import ssl

context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.load_cert_chain(certfile='./path/to/certfile.crt', 
    keyfile='./path/to/keyfile.pem')
context.load_verify_locations('./path/to/caroot.crt')
context.set_default_verify_paths()

server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.bind(('', 23000))
server_socket.listen(socket.SOMAXCONN)

def handle_client(ssl_socket):
    data = ssl_socket.read()
    while data:
        print("%s" % (str(data)))
        data = ssl_socket.read()

while True:
    client_socket, addr = server_socket.accept()
    ssl_client_socket = context.wrap_socket(client_socket, server_side=True)
    handle_client(ssl_client_socket)

Client

import socket
import ssl

context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
# I'm assuming this is not necessary, but I'd like to load the system provided CAs
context.set_default_verify_paths()
# Require CA validation to prevent MITM.
context.verify_mode = ssl.CERT_REQUIRED

client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_client = context.wrap_socket(client_socket)
ssl_client.connect(('', 23000))
ssl_client.send(bytes('hello, world!', 'UTF-8'))

As it turns out, my CA provided 3 different crt files. My solution was to append them in a specific order to generate the correct CA chain that was being passed to context.load_verify_locations.

https双向认证(python)

标签:UI   context   max   like   AC   ssl   and   .so   pem   

原文地址:https://www.cnblogs.com/sixloop/p/8963351.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!