1

我正在设计一个 ssl 服务器,我在其中使用 ssl 的twisted,它需要客户端证书身份验证才能继续程序,当我验证客户端的 ssl 证书时,它返回 True,但我想在客户端证书,以便我可以在处理程序类中获取该特定客户端的设置,您能帮帮我吗?

from OpenSSL import SSL
from twisted.internet import ssl, reactor
from twisted.internet.protocol import Factory, Protocol
from twisted.web import server, resource, static, twcgi

class Handler(Protocol):
    def dataReceived(self, data):
        self.transport.write(data)

    def connectionMade(self):
        self.transport.write('hello world')

def verifyCallback(connection, x509, errnum, errdepth, ok):
    global client_username
    if not ok:
        return False
    else:           
        return True

if __name__ == '__main__':

    #setting up ssl json server
    factory = Factory()
    factory.protocol = Handler
    myContextFactory = ssl.DefaultOpenSSLContextFactory('server.key', 'server.crt',SSL.TLSv1_METHOD)
    ctx = myContextFactory.getContext()
    ctx.load_verify_locations("ca.crt")
    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,verifyCallback)
    reactor.listenSSL(8080, factory,myContextFactory)
    reactor.run()
4

1 回答 1

2

调用或其他协议方法(仅transport.getPeerCertificate在您收到一些数据之后)Protocol.dataReceived

于 2012-06-11T17:31:07.093 回答