2

Going through the Tornado docs, I can't seem to find a treatment about two way SSL authentication. Currently the codes looks something like this using self-signed certificates:

import tornado.ioloop
import tornado.web
import tornado.httpserver

class fooHandler(tornado.web.RequestHandler):
    def get(self):
      #Do Something

if __name__ == "__main__":
    application = tornado.web.Application([
        (r"/foo/", fooHandler),
    ])
    http_server = tornado.httpserver.HTTPServer(application, ssl_options={
            "certfile": "./cert.pem",
            "keyfile": "./key.pem",
        })
    http_server.listen(8888)
    tornado.ioloop.IOLoop.instance().start()
4

1 回答 1

1

你需要设置verify_mode你的ssl.SSLContext

ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_ctx.load_cert_chain("cert.pem", "key.pem")
# If your certs are not self-signed, load your CA certificates here.
#ssl_ctx.load_verify_locations("cacerts.pem")
ssl_ctx.verify_mode = ssl.CERT_REQUIRED
http_server = HTTPServer(application, ssl_options=ssl_ctx)

然后就可以self.request.get_ssl_certificate用来获取客户端的证书了。

于 2015-10-06T00:15:25.460 回答