Twisted: passing certificate to SSL handler

Problem description

I am designing an SSL server where I am using Twisted for it with SSL, and it requires client certificate authentication to continue to the program. When I verify the SSL certificate of the client it returns True, but I want to pass the commonName and emailAddress in the client certificate so that I can get settings for that specific client in the handler class, so can you help me?

from OpenSSL import SSL
from twisted.internet import ssl, reactor
from twisted.internet.protocol import Factory, Protocol
from twisted.web import server, resource, static, twcgi

class Handler(Protocol):
    def dataReceived(self, data):
        # Echo whatever the client sends
        self.transport.write(data)

    def connectionMade(self):
        # transport.write() takes bytes, not str
        self.transport.write(b'hello world')

def verifyCallback(connection, x509, errnum, errdepth, ok):
    # Called once per certificate in the chain; `ok` is OpenSSL's own
    # verification result for the certificate at depth `errdepth`.
    if not ok:
        return False
    else:
        return True

if __name__ == '__main__':

    # setting up ssl json server
    factory = Factory()
    factory.protocol = Handler
    # Note: SSL.TLSv1_METHOD restricts the connection to TLS 1.0 only
    myContextFactory = ssl.DefaultOpenSSLContextFactory('server.key', 'server.crt', SSL.TLSv1_METHOD)
    ctx = myContextFactory.getContext()
    # CA that client certificates must chain to
    ctx.load_verify_locations("ca.crt")
    # Require a client certificate and fail the handshake if none is sent
    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verifyCallback)
    reactor.listenSSL(8080, factory, myContextFactory)
    reactor.run()

Recommended answer

Call transport.getPeerCertificate in Protocol.dataReceived or another protocol method (only after you have received some data).
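
One way to apply the answer, as an added example that is not part of the original post: read commonName and emailAddress from the verified peer certificate on first data, look up that client's settings, and drop clients whose certificate is valid but not in the table. `ClientCertMixin`, `CLIENT_SETTINGS`, `handle` and `fake_transport` are hypothetical names, and the settings entry is constructed sample data; in the server above the class would be declared as `class Handler(ClientCertMixin, Protocol)`.

```python
# Added example, not from the original post. CLIENT_SETTINGS and its entry
# are constructed sample data; ClientCertMixin is a hypothetical name.
from types import SimpleNamespace

CLIENT_SETTINGS = {  # constructed: (commonName, emailAddress) -> settings
    ("alice", "alice@example.com"): {"quota": 10},
}


def peer_identity(cert):
    """Return (commonName, emailAddress) from a pyOpenSSL X509, or None."""
    if cert is None:  # handshake not finished, or no client certificate
        return None
    subject = cert.get_subject()
    # X509Name yields None for a field the subject does not contain
    return (subject.commonName, subject.emailAddress)


class ClientCertMixin:
    """Use as: class Handler(ClientCertMixin, Protocol)."""
    settings = None

    def dataReceived(self, data):
        if self.settings is None:
            # Application data only arrives after the TLS handshake,
            # so the peer certificate is available at this point.
            ident = peer_identity(self.transport.getPeerCertificate())
            self.settings = CLIENT_SETTINGS.get(ident)
            if self.settings is None:  # valid certificate, unknown client
                self.transport.loseConnection()
                return
        self.handle(data, self.settings)

    def handle(self, data, settings):
        self.transport.write(data)  # placeholder: echo, as in the question


def fake_transport(cn, email):
    """Constructed stand-in for a Twisted TLS transport (demo/test only)."""
    subject = SimpleNamespace(commonName=cn, emailAddress=email)
    cert = SimpleNamespace(get_subject=lambda: subject)
    t = SimpleNamespace(written=[], closed=False)
    t.getPeerCertificate = lambda: cert
    t.write = t.written.append
    t.loseConnection = lambda: setattr(t, "closed", True)
    return t
```

The subject fields can be trusted for the lookup only because `set_verify` with `VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT` has already required the certificate to chain to `ca.crt`.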
