我正在尝试编写一个 https 服务器和客户端。我创建了一个 CA 以及一个私钥和一个用于测试的自签名证书。
这是我的测试服务器:
#!/usr/bin/env python
import socket, os
from SocketServer import BaseServer
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
from SimpleHTTPServer import SimpleHTTPRequestHandler
from OpenSSL import SSL
CERTIFICATE_PATH = os.getcwd() + '/CA/cacert.pem'
KEY_PATH = os.getcwd() + '/CA/private/key.pem'
class SecureHTTPServer(HTTPServer):
def __init__(self, server_address, HandlerClass):
BaseServer.__init__(self, server_address, HandlerClass)
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.use_privatekey_file(KEY_PATH)
ctx.use_certificate_file(CERTIFICATE_PATH)
self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))
self.server_bind()
self.server_activate()
class MemberUpdateHandler(SimpleHTTPRequestHandler):
def setup(self):
self.connection = self.request
self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
def do_GET(self):
try:
print 'path:', self.path
print self.path.endswith('.txt')
if self.path.endswith('.txt'):
self.send_response(200)
self.send_header('Content-type', 'text/html')
self.end_headers()
self.wfile.write("successful")
return
else:
self.send_response(200)
self.send_header('Content-type', 'text/html')
self.end_headers()
self.wfile.write("not successful")
except IOError:
self.send_error(404, 'What you talking about willis?')
def test(HandlerClass = MemberUpdateHandler,
ServerClass = SecureHTTPServer):
server_address = ('', 4242)
httpd = ServerClass(server_address, HandlerClass)
sa = httpd.socket.getsockname()
print "serving HTTPS on:", sa[0], "port:", sa[1], "..."
httpd.serve_forever()
if __name__ == '__main__':
test()
和我的简单客户:
#!/usr/bin/env python
import os
import httplib
import socket
KEY_FILE = os.getcwd() + '/CA/private/key.pem'
CERT_FILE = os.getcwd() + '/CA/certs/01.pem'
GET = "GET"
conn = httplib.HTTPSConnection('0.0.0.0', '4242', cert_file = CERT_FILE)
conn.request(GET, "/this.txt")
response = conn.getresponse()
print response.status, response.reason, response.read()
conn.close()
当我尝试添加 cert_file = CERT_FILE 如果我从调用中删除它时,就会出现我的问题,它可以工作。但我认为我没有得到我想要的验证。
这是我尝试时遇到的错误:
在服务器端:
Exception happened during processing of request from ('127.0.0.1', 55283)
Traceback (most recent call last):
File "/usr/lib/python2.6/SocketServer.py", line 281, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 307, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 320, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.6/SocketServer.py", line 615, in __init__
self.handle()
File "/usr/lib/python2.6/BaseHTTPServer.py", line 329, in handle
self.handle_one_request()
File "/usr/lib/python2.6/BaseHTTPServer.py", line 312, in handle_one_request
self.raw_requestline = self.rfile.readline()
File "/usr/lib/python2.6/socket.py", line 406, in readline
data = self._sock.recv(self._rbufsize)
Error: [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]
从客户那里:
File "HTTPSClient.py", line 19, in <module>
conn.request(GET, "/this.txt")
File "/usr/lib/python2.6/httplib.py", line 910, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.6/httplib.py", line 947, in _send_request
self.endheaders()
File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
self._send_output()
File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
self.send(msg)
File "/usr/lib/python2.6/httplib.py", line 735, in send
self.connect()
File "/usr/lib/python2.6/httplib.py", line 1112, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib/python2.6/ssl.py", line 113, in __init__
cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
我应该在那里发送什么文件?我有一个 CA 证书、一个签名证书和一个私钥。我能够找到的文档非常稀少。