0

我正在尝试编写一个 https 服务器和客户端。我创建了一个 CA 以及一个私钥和一个用于测试的自签名证书。

这是我的测试服务器:

#!/usr/bin/env python

import socket, os
from SocketServer import BaseServer
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
from SimpleHTTPServer import SimpleHTTPRequestHandler
from OpenSSL import SSL

CERTIFICATE_PATH = os.getcwd() + '/CA/cacert.pem'
KEY_PATH = os.getcwd() + '/CA/private/key.pem'


class SecureHTTPServer(HTTPServer):
    def __init__(self, server_address, HandlerClass):
        BaseServer.__init__(self, server_address, HandlerClass)
        ctx = SSL.Context(SSL.SSLv23_METHOD)

        ctx.use_privatekey_file(KEY_PATH)
        ctx.use_certificate_file(CERTIFICATE_PATH)

        self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))

        self.server_bind()
        self.server_activate()

class MemberUpdateHandler(SimpleHTTPRequestHandler):
    def setup(self):
        self.connection = self.request
        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)

    def do_GET(self):
        try:
            print 'path:', self.path
            print self.path.endswith('.txt')
            if self.path.endswith('.txt'):
                self.send_response(200)
                self.send_header('Content-type', 'text/html')
                self.end_headers()
                self.wfile.write("successful")
                return
            else:
                self.send_response(200)
                self.send_header('Content-type', 'text/html')
                self.end_headers()
                self.wfile.write("not successful")
        except IOError:
            self.send_error(404, 'What you talking about willis?')


def test(HandlerClass = MemberUpdateHandler,
         ServerClass = SecureHTTPServer):
    server_address = ('', 4242)
    httpd = ServerClass(server_address, HandlerClass)
    sa = httpd.socket.getsockname()
    print "serving HTTPS on:", sa[0], "port:", sa[1], "..."
    httpd.serve_forever()

if __name__ == '__main__':
    test()

和我的简单客户:

#!/usr/bin/env python

import os
import httplib
import socket

KEY_FILE = os.getcwd() + '/CA/private/key.pem'
CERT_FILE = os.getcwd() + '/CA/certs/01.pem'
GET = "GET"


conn = httplib.HTTPSConnection('0.0.0.0', '4242', cert_file = CERT_FILE)

conn.request(GET, "/this.txt")
response = conn.getresponse()
print response.status, response.reason, response.read()

conn.close()

当我尝试添加 cert_file = CERT_FILE 如果我从调用中删除它时,就会出现我的问题,它可以工作。但我认为我没有得到我想要的验证。

这是我尝试时遇到的错误:

在服务器端:

Exception happened during processing of request from ('127.0.0.1', 55283)
Traceback (most recent call last):
File "/usr/lib/python2.6/SocketServer.py", line 281, in _handle_request_noblock
  self.process_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 307, in process_request
  self.finish_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 320, in finish_request
  self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.6/SocketServer.py", line 615, in __init__
  self.handle()
File "/usr/lib/python2.6/BaseHTTPServer.py", line 329, in handle
  self.handle_one_request()
File "/usr/lib/python2.6/BaseHTTPServer.py", line 312, in handle_one_request
 self.raw_requestline = self.rfile.readline()
File "/usr/lib/python2.6/socket.py", line 406, in readline
 data = self._sock.recv(self._rbufsize)
Error: [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]

从客户那里:

File "HTTPSClient.py", line 19, in <module>
conn.request(GET, "/this.txt")
File "/usr/lib/python2.6/httplib.py", line 910, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.6/httplib.py", line 947, in _send_request
self.endheaders()
File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
self._send_output()
File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
self.send(msg)
File "/usr/lib/python2.6/httplib.py", line 735, in send
self.connect()
File "/usr/lib/python2.6/httplib.py", line 1112, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib/python2.6/ssl.py", line 113, in __init__
cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

我应该在那里发送什么文件?我有一个 CA 证书、一个签名证书和一个私钥。我能够找到的文档非常稀少。

4

1 回答 1

2

基于此[文档][1]

class httplib.HTTPSConnection(host[, port[, key_file[, cert_file[, strict[, timeout[, source_address]]]]]])
A subclass of HTTPConnection that uses SSL for communication with secure servers. Default port is 443. key_file is the name of a PEM formatted file that contains your private key. cert_file is a PEM formatted certificate chain file.

**Warning This does not do any verification of the server’s certificate.**

我不确定(没有使用 Python 的经验),但我相信 key_file 和 cert_file 用于客户端身份验证。

您可以查看有关证书验证的链接: http: //code.activestate.com/recipes/577548-https-httplib-client-connection-with-certificate-v/

于 2012-09-12T18:54:53.357 回答