→ sunrise0406:Foundations of Python Network Programming 12/17 01:45
→ sunrise0406:Chapter 15 有提到SSL相關的資訊。 12/17 01:46
→ fcapba:你提到的這個是書嗎? 還是PYTHON的官方文件~ 12/17 02:07
→ sunrise0406:是一本書,google一下就可以載到了,載不到再寄信給我 12/20 00:12
想自己在本地端寫一個簡易的ssl server-client code
參考python的官方網站稍微改了一點點,但是卻一直遇到問題解決不了
server code:
import socket
import ssl
bindsocket = socket.socket()
bindsocket.bind(('127.0.0.1', 1234))
bindsocket.listen(5)
print 'server is waiting for connection...'
newsocket, fromaddr = bindsocket.accept()
print 'start ssl socket...'
connstream = ssl.wrap_socket(newsocket, server_side=True,
certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt",
keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key",
ssl_version=ssl.PROTOCOL_SSLv23)
data = connstream.read()
print 'connected from address', fromaddr
print 'received data as', repr(data)
connstream.close()
client code:
import socket
import ssl
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(s, ca_certs=
"/home/ckyang/PHA/testsslsocket/myCA.crt", cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(("127.0.0.1", 1234))
ssl_sock.write("hello")
ssl_sock.close()
相關的error code:
server端:
File "views.py", line 17, in & lt;module>
connstream = ssl.wrap_socket(newsocket, server_side=True,
certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt",
keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key",
ssl_version=ssl.PROTOCOL_SSLv23)
File "/usr/lib/python2.7/ssl.py", line 344, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 119, in __init__
ciphers)
ssl.SSLError: [Errno 336265218] _ssl.c:347: error:140B0002:SSL routines:
SSL_CTX_use_PrivateKey_file:system lib
client端:
File "client.py", line 10, in <module>
ssl_sock.connect(("127.0.0.1", 1234))
File "/usr/lib/python2.7/ssl.py", line 299, in connect
self.do_handshake()
File "/usr/lib/python2.7/ssl.py", line 283, in do_handshake
self._sslobj.do_handshake()
socket.error: [Errno 104] Connection reset by peer
我的環境python2.7, ubuntu平台, openssl 0.9.8
certificate跟private都是自己用openssl簽的
參考了三個網址試了很多次:
http://ppt.cc/H;IG
http://ppt.cc/bxA9
http://ppt.cc/G5YZ
都還是一樣出現一樣的error,自己覺得code應該是沒有寫錯
請問有神人知道我code的問題到底出在哪裡嗎?
有問過一些人他們說有可能是因為python ssl lib不支援加密的private key
或是我的certificate檔,key檔不是PEM格式等等~都是比較偏向在憑證這方面的答案
再者請問撰寫python的ssl socket有啥需要特別注意的地方嗎?
麻煩各位了,發文經驗不多,格式不佳請見諒~
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 118.167.9.180