忽略“证书未知"警报 [英] Ignore "certificate unknown" alert
问题描述
我有以下简单的Python脚本:
I have the following simple Python script:
import socket
import ssl
if __name__ == "__main__":
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind("", 443)
s.listen(1)
(conn, addr) = s.accept()
sslconn = ssl.wrap_socket(conn, server_side=True, certfile="server.crt", keyfile="server.key", cert_reqs=ssl.CERT_NONE)
print 'Connection established'
while True:
data = sslconn.recv(1024)
if not data: break
print "Data received"
sslconn.close()
文件server.crt
和server.key
指定自签名证书的公钥和私钥.如果我使用Firefox连接到运行此脚本的主机,该脚本将以
The files server.crt
and server.key
specify the public and private key of a self-signed certificate. If I connect to the host running this script using, say, Firefox, the script terminates with
ssl.SSLError: [Errno 1] _ssl.c:503: sslv3 alert certificate unknown
据我收集,这来自客户端(例如Firefox),向主机警告主机证书无效.很好,但是为什么它会导致脚本终止?我必须以某种方式明确地忽略警报吗?
From what I gather, this comes from the client (say, Firefox) alerting the host that the certificate is invalid. That's fine, but why does it cause the script to terminate? Must I explicitly ignore the alert somehow?
推荐答案
尝试捕获异常并将其忽略.应该是致命的.
Try catching the exception and ignoring it. It is supposed to be non-fatal.
sslconn = ssl.wrap_socket(conn, server_side=True, certfile="server.crt",
keyfile="server.key", cert_reqs=ssl.CERT_NONE,
do_handshake_on_connect=False)
try:
sslconn.do_handshake()
except ssl.SSLError, err:
if err.args[1].find("sslv3 alert") == -1:
raise
这篇关于忽略“证书未知"警报的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!