https雙向認證(python)

來源:互聯網
上載者:User

標籤:UI   context   max   like   AC   ssl   and   .so   pem   

SSL Client Authentication over HTTPS (Python recipe)

A 16-line python application that demonstrates SSL client authentication over HTTPS.
We also explain the basics of how to set up Apache to require SSL client authentication. This assumes at least Python-2.2 compiled with SSL support, and Apache with mod_ssl

On the server, I‘m initializing the SSLContext with my private key, the certfile provided by the CA that I‘m loading from the caroot.crt file. Now, when I initialize this with something like node, everything works fine (for example: Setting up SSL with node.js). My intentions were to set everything up the same way. My assumption is that during the handshake, the server is providing the client with a CA, just like my node server would. It seems like that‘s not the case. What am I doing wrong?

If ssl.CERT_REQUIRED isn‘t used, everything works perfectly, but I‘m wanting to validate that the endpoint (server) is who they say they are.

Server
import socketimport sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)context.load_cert_chain(certfile='./path/to/certfile.crt',     keyfile='./path/to/keyfile.pem')context.load_verify_locations('./path/to/caroot.crt')context.set_default_verify_paths()server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)server_socket.bind(('', 23000))server_socket.listen(socket.SOMAXCONN)def handle_client(ssl_socket):    data = ssl_socket.read()    while data:        print("%s" % (str(data)))        data = ssl_socket.read()while True:    client_socket, addr = server_socket.accept()    ssl_client_socket = context.wrap_socket(client_socket, server_side=True)    handle_client(ssl_client_socket)
Client
import socketimport sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)# I'm assuming this is not necessary, but I'd like to load the system provided CAscontext.set_default_verify_paths()# Require CA validation to prevent MITM.context.verify_mode = ssl.CERT_REQUIREDclient_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)ssl_client = context.wrap_socket(client_socket)ssl_client.connect(('', 23000))ssl_client.send(bytes('hello, world!', 'UTF-8'))

As it turns out, my CA provided 3 different crt files. My solution was to append them in a specific order to generate the correct CA chain that was being passed to context.load_verify_locations.

https雙向認證(python)

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.