2

我有一个需要客户端使用证书进行身份验证的 python 服务器,我如何制作一个使用客户端证书的客户端脚本,以便由 python 中的服务器使用 ssl 和套接字模块进行身份验证。

有没有使用套接字和 ssl 的例子,但没有扭曲?

from OpenSSL import SSL
from twisted.internet import ssl, reactor
from twisted.internet.protocol import ClientFactory, Protocol

class EchoClient(Protocol):
    def connectionMade(self):
    "print connected"

    def dataReceived(self, data):
        print "Server said:", data
        self.transport.loseConnection()

class EchoClientFactory(ClientFactory):
    protocol = EchoClient

    def clientConnectionFailed(self, connector, reason):
        print "Connection failed - goodbye!"
        reactor.stop()

    def clientConnectionLost(self, connector, reason):
        print "Connection lost - goodbye!"
        reactor.stop()

class CtxFactory(ssl.ClientContextFactory):
    def getContext(self):
        self.method = SSL.TLSv1_METHOD
        ctx = ssl.ClientContextFactory.getContext(self)
        ctx.use_certificate_file('client.crt')
        ctx.use_privatekey_file('client.key')
        return ctx

if __name__ == '__main__':

    factory = EchoClientFactory()
    reactor.connectSSL('localhost', 8080, factory, CtxFactory())
    reactor.run()
4

1 回答 1

2 
import socket, ssl, pprint

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# require a certificate from the server
ssl_sock = ssl.wrap_socket(s,
                keyfile="client.key",
                certfile="client.crt",
                ca_certs="ca.crt",
                cert_reqs=ssl.CERT_REQUIRED)

ssl_sock.connect(('127.0.0.1', 8080))

print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())

ssl_sock.write("testing")
data = ssl_sock.read()
print data

ssl_sock.close()
于 2012-06-14T06:52:11.260 回答