[python] socket.ssl

Radek Kanovsky rk at dat.cz
Fri May 9 15:40:42 CEST 2003


On Fri, May 09, 2003 at 03:14:11PM +0200, Zdenek Pavlas wrote:

> Hi,
> 
> I have a problem with SSL on the server side. While the client-side SSL
> negotiation goes fine (for example when I want to connect to an https server),
> on the opposite side it goes like this:
> 
> >>> from socket import *
> >>> s=socket(AF_INET, SOCK_STREAM)
> >>> s.bind (('', 1080))
> >>> s.listen (5)
> >>> s.accept ()
> (<socket object, fd=4, family=2, type=1, protocol=0>, ('127.0.0.1', 3066))
> (after launching links https://localhost:1080, which is now in the "ssl
> negotiation" state)
> >>> c = _[0]
> >>> ssl.__doc__
> 'ssl(socket, keyfile, certfile) -> sslobject'
> >>> ssl (c, 'cert_key.pem', 'cert.pem')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in ?
> socket.sslerror: SSL_connect error
> ..after which the server closes the socket, because links shows "connection refused".
> 
> Does anyone know what I'm doing wrong? The private key and self-signed
> certificate are ok; apache and stunnel work with them without any problems.
> Loading and verifying them is also ok, because when I either swap them
> or truncate them to zero length, I get a different error message.

I haven't seen it written anywhere, but in my opinion socket.ssl is made
only for clients. On the server side you need to use the openssl module or something else.

Radek Kaňovský

-----------------------------------------------------------------
from OpenSSL import SSL
import os, socket

PORT = 50007

def verify_cb(conn, cert, errnum, depth, ok):
    # Called once per certificate in the peer's chain; returning ok keeps
    # OpenSSL's own verdict. This obviously has to be updated for real use.
    print('Got certificate: %s' % cert.get_subject())
    return ok

# Initialize context
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2)
#ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)
ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
ctx.use_privatekey_file('key.pem')
ctx.use_certificate_file('cert.pem')
#ctx.load_verify_locations(os.path.join(dir, 'CA.cert'))

# Set up server: the SSL.Connection wraps a plain listening socket and
# performs the server-side handshake on the accepted connection itself
server = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
server.bind(('', PORT))
server.listen(3)
#server.setblocking(0)

cli, addr = server.accept()
print(cli, addr)
data = cli.recv(1024)   # the TLS handshake runs implicitly on the first I/O
cli.send(data)
cli.shutdown()          # send close_notify before tearing down the TCP socket
cli.close()
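
The same server-side echo written against Python's standard library `ssl` module, which, unlike the client-only `socket.ssl` of the thread, can take the server role via `wrap_socket(..., server_side=True)`. This is an added example, not code from the thread or from pyOpenSSL. It assumes an `openssl` CLI on the PATH to mint a throwaway self-signed certificate for `localhost` (the paths `cert.pem`/`key.pem` live in a temporary directory), uses an ephemeral port on 127.0.0.1, and constructs its own payload. It also exercises the failure mode a practitioner cares about: a client that verifies the certificate against the wrong hostname is refused.

```python
"""Added example: server-side TLS echo with the standard ``ssl`` module,
plus a client that verifies the certificate (and rejects a hostname mismatch)."""
import shutil
import socket
import ssl
import subprocess
import tempfile
import threading
from pathlib import Path


def make_server_context(certfile, keyfile):
    # PROTOCOL_TLS_SERVER puts the context in the server role, so the
    # handshake waits for a ClientHello instead of sending one.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / 1.1
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def make_client_context(cafile):
    # PROTOCOL_TLS_CLIENT verifies the certificate and hostname by default;
    # we trust only the throwaway cert, not the system store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=cafile)
    return ctx


def self_signed_cert(directory):
    """Mint a throwaway self-signed cert for 'localhost' with the openssl CLI
    (assumed installed). Returns (certfile, keyfile), or None when the CLI
    is missing or too old for -addext."""
    if shutil.which("openssl") is None:
        return None
    cert, key = Path(directory) / "cert.pem", Path(directory) / "key.pem"
    try:
        subprocess.run(
            ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
             "-keyout", str(key), "-out", str(cert), "-days", "1",
             "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost"],
            check=True, capture_output=True,
        )
    except subprocess.CalledProcessError:
        return None
    return str(cert), str(key)


def echo_roundtrip(certfile, keyfile, payload, hostname="localhost"):
    """One-shot TLS echo: server thread on an ephemeral port, verifying client.
    Returns (echoed bytes, negotiated protocol version)."""
    server_ctx = make_server_context(certfile, keyfile)
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    listener.settimeout(10)
    port = listener.getsockname()[1]
    seen = {}

    def serve():
        conn, _ = listener.accept()
        conn.settimeout(10)
        try:
            # server_side=True is the switch socket.ssl never offered
            with server_ctx.wrap_socket(conn, server_side=True) as tls:
                seen["version"] = tls.version()
                tls.sendall(tls.recv(1024))
        except OSError:
            # A client that rejects our certificate aborts the handshake with
            # an alert; on this side that surfaces as an SSLError (an OSError).
            conn.close()

    worker = threading.Thread(target=serve)
    worker.start()
    try:
        client_ctx = make_client_context(certfile)
        with socket.create_connection(("127.0.0.1", port), timeout=10) as raw:
            # server_hostname is the name the peer certificate is checked against
            with client_ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                tls.sendall(payload)
                echoed = tls.recv(1024)
    finally:
        worker.join()
        listener.close()
    return echoed, seen.get("version")


def demo(payload=b"hello over TLS"):   # constructed sample payload
    """Happy path plus a hostname mismatch. Returns
    (echoed, version, mismatch_rejected), or None if no usable openssl CLI."""
    with tempfile.TemporaryDirectory() as tmp:
        files = self_signed_cert(tmp)
        if files is None:
            return None
        certfile, keyfile = files
        echoed, version = echo_roundtrip(certfile, keyfile, payload)
        try:
            echo_roundtrip(certfile, keyfile, payload, hostname="wrong.example")
            mismatch_rejected = False
        except ssl.SSLCertVerificationError:
            mismatch_rejected = True
    return echoed, version, mismatch_rejected


if __name__ == "__main__":
    print(demo())
```

The client side deliberately uses `PROTOCOL_TLS_CLIENT` rather than a bare `SSLContext()`, because only the former turns on certificate and hostname verification by default; the mismatch run shows that a server certificate for `localhost` is not accepted for any other name even though the same trust anchor is loaded.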

