Python简单SSL套接字服务器 [英] Python Simple SSL Socket Server

问题描述

只需尝试设置一个简单的SSL服务器.过去，我从来没有对SSL进行过任何工作.我对SSL证书和签名的方式了解甚少.

Just trying to set up a simple SSL server. I have never had anything SSL work for me in the past. I have a loose understanding of how SSL certificates and signing.

代码很简单

import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.load_cert_chain(certfile="mycertfile") ###############

bindsocket = socket.socket()
bindsocket.bind(('', 2099))
bindsocket.listen(5)

while True:
    newsocket, fromaddr = bindsocket.accept()
    sslsoc = context.wrap_socket(newsocket, server_side=True)
    request = sslsoc.read()
    print(request)

其中### s后面的那行是无效的.我不知道与openssl有什么关系才能生成可以在此处工作的PEM文件.

The line in there with the ###s after it is the one that isnt working. I don't know what I have to do with openssl to generate a PEM file that will work here.

任何人都可以启发我如何使这个简单的套接字工作.

Can anyone enlighten me as to how to make this simple socket work.

顺便说一下，这不用于HTTP.

By the way, this is NOT used for HTTP.

推荐答案

您可以使用此命令生成自签名证书

you can use this command to generate a self-signed certificate

openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem

openssl框架将要求您输入一些信息，例如您所在的国家，城市等.只需按照说明进行操作，您将获得一个cert.pem文件.输出文件将同时具有可用于生成公钥的RSA私钥和证书. 输出文件如下所示:

the openssl framework will ask you to enter some information, such as your country, city, etc. just follow the instruction, and you will get a cert.pem file. the output file will have both your RSA private key, with which you can generate your public key, and the certificate. the output file looks like this:

-----BEGIN RSA PRIVATE KEY-----
 # your private key
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
 # your certificate
-----END CERTIFICATE-----

只需加载它，ssl模块将为您处理其余部分:

just load it, and the ssl module will handle the rest for you:

context.load_cert_chain(certfile="cert.pem", keyfile="cert.pem")

顺便说一句，python2中没有否"SSLContext".对于使用python2的人，只需在包装套接字时分配pem文件即可:

btw, there is no "SSLContext" in python2. for guys who are using python2, just assign the pem file when wrapping socket:

newsocket, fromaddr = bindsocket.accept()
connstream = ssl.wrap_socket(newsocket,
                             server_side=True,
                             certfile="cert.pem",
                             keyfile="cert.pem",
                             ssl_version=YOUR CHOICE) 

可用的ssl版本:ssl.PROTOCOL_TLSv1，ssl.PROTOCOL_SSLv2，ssl.PROTOCOL_SSLv3，ssl.PROTOCOL_SSLv23.如果您不了解，可以选择ssl.PROTOCOL_SSLv23，因为它与其他版本的兼容性最佳.

available ssl version: ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23. if you have no idea, ssl.PROTOCOL_SSLv23 may be your choice as it provides the most compatibility with other versions.

这篇关于Python简单SSL套接字服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！