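Author: fcapba (爱你不是两三天.......)
Board: Python
Title: [Question] Simple SSL socket problem on a local machine
Time: Sat Dec 17 00:16:27 2011
I wanted to write a simple SSL server-client program myself on my local machine.
I followed the official Python website and changed it slightly, but I keep running into a problem I can't solve.
server code: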
import socket
import ssl
bindsocket = socket.socket()
bindsocket.bind(('127.0.0.1', 1234))
bindsocket.listen(5)
print 'server is waiting for connection...'
newsocket, fromaddr = bindsocket.accept()
print 'start ssl socket...'
connstream = ssl.wrap_socket(newsocket, server_side=True,
certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt",
keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key",
ssl_version=ssl.PROTOCOL_SSLv23)
data = connstream.read()
print 'connected from address', fromaddr
print 'received data as', repr(data)
connstream.close()
client code:
import socket
import ssl
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(s, ca_certs=
"/home/ckyang/PHA/testsslsocket/myCA.crt", cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(("127.0.0.1", 1234))
ssl_sock.write("hello")
ssl_sock.close()
The related errors:
Server side:
File "views.py", line 17, in <module>
connstream = ssl.wrap_socket(newsocket, server_side=True,
certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt",
keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key",
ssl_version=ssl.PROTOCOL_SSLv23)
File "/usr/lib/python2.7/ssl.py", line 344, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 119, in __init__
ciphers)
ssl.SSLError: [Errno 336265218] _ssl.c:347: error:140B0002:SSL routines:
SSL_CTX_use_PrivateKey_file:system lib
Client side:
File "client.py", line 10, in <module>
ssl_sock.connect(("127.0.0.1", 1234))
File "/usr/lib/python2.7/ssl.py", line 299, in connect
self.do_handshake()
File "/usr/lib/python2.7/ssl.py", line 283, in do_handshake
self._sslobj.do_handshake()
socket.error: [Errno 104] Connection reset by peer
My environment: Python 2.7, Ubuntu, OpenSSL 0.9.8
The certificate and private key were both signed by me with openssl
I referred to three URLs and tried many times:
http://ppt.cc/H;IG
http://ppt.cc/bxA9
http://ppt.cc/G5YZ
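but the same error still appears; I think the code itself should be written correctly
Does any expert know where the problem in my code actually is?
I asked some people, and they said it may be because the Python ssl lib doesn't support encrypted private keys,
or that my certificate file or key file is not in PEM format, and so on~ the answers all lean toward the certificate side
Also, is there anything that needs special attention when writing SSL sockets in Python?
Thanks everyone; I don't have much posting experience, so please excuse the poor formatting~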
--
※ Posted from: 批踢踢实业坊 (ptt.cc)
◆ From: 118.167.9.180
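1F:→ sunrise0406:Foundations of Python Network Programming 12/17 01:45
2F:→ sunrise0406:Chapter 15 covers SSL-related information. 12/17 01:46
3F:→ fcapba:Is what you mentioned a book? Or Python's official documentation~ 12/17 02:07
4F:→ sunrise0406:It's a book; you can download it with a quick Google search. If you can't find it, email me 12/20 00:12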
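
Added example, not part of the original post or its replies: a Python 3 preflight check for the two hypotheses raised in the post (certificate or key file not in PEM format, passphrase-protected private key), plus whether each file can be opened at all, since OpenSSL reports `system lib` from SSL_CTX_use_PrivateKey_file when it cannot open the key file. The function names `check_pem` and `preflight` are made up for this example.

```python
import os
import re

# One PEM block: BEGIN/END lines with the same label around a body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_pem(path, want):
    """Return a list of problems with `path`; `want` is 'cert' or 'key'."""
    if not os.path.isfile(path):
        return ["not found: %s" % path]
    if not os.access(path, os.R_OK):
        return ["not readable by this user: %s" % path]
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")  # never fails, even on DER bytes
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no PEM block (DER or other binary format?)"]
    problems = []
    labels = [label for label, _ in blocks]
    if want == "cert" and "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block, found %s" % labels)
    if want == "key":
        keys = [(l, b) for l, b in blocks if l.endswith("PRIVATE KEY")]
        if not keys:
            problems.append("no PRIVATE KEY block, found %s" % labels)
        for label, body in keys:
            # Legacy OpenSSL encryption adds a Proc-Type header inside the
            # block; PKCS#8 encryption uses the ENCRYPTED PRIVATE KEY label.
            if "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body:
                problems.append("private key is passphrase-protected")
    return problems

def preflight(certfile, keyfile):
    """Map each file to its problems; an empty dict means both passed."""
    report = {}
    for path, want in ((certfile, "cert"), (keyfile, "key")):
        problems = check_pem(path, want)
        if problems:
            report.setdefault(path, []).extend(problems)
    return report

if __name__ == "__main__":
    import sys
    # Usage (paths are the caller's own): python preflight.py server.crt server.key
    for path, problems in preflight(sys.argv[1], sys.argv[2]).items():
        print(path, "->", "; ".join(problems))
```

Run it as the same user that starts the server, because a key readable only by another account fails at the same point as a missing one.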