Twisted Python中的TLS-如何创建server.pem? [英] TLS in Twisted Python - How to create server.pem?
问题描述
我刚刚在python中发现了Twisted,并一直在查看echoserv_ssl.py示例,如下所示: https://twistedmatrix.com/documents/14.0.0/core/howto/ssl.html 。在示例代码的正上方,页面引用以下示例依赖于文件server.pem(私钥和自签名证书一起)和public.pem(服务器本身的公共证书)。
I've just discovered Twisted in Python, and have been looking at the echoserv_ssl.py sample as found here: https://twistedmatrix.com/documents/14.0.0/core/howto/ssl.html. Just above the sample code, the page quotes "The following examples rely on the files server.pem (private key and self-signed certificate together) and public.pem (the server’s public certificate by itself)."
作为SSL证书和密钥的新手,我做了一些研究,发现 http://www.thegeekscope.com/how-to-generate-self-signed-ssl-certificate-in-linux/
So being something of a novice when it comes to SSL certs and keys, I did some research, and found http://www.thegeekscope.com/how-to-generate-self-signed-ssl-certificate-in-linux/
我按照那里的说明进行操作,并把我的echoserv_ssl.py指向创建的文件(步骤3)。但是,这与我们系统中本地存在的所有证书文件一起,似乎都产生相同的错误:
I followed the instructions there, and pointed my echoserv_ssl.py at the created file (step 3). However, that, together with any of the cert files that we have locally on our system seem to produce the same error:
# python echoserv_ssl.py
2014-09-17 15:12:54+0000 [-] Log opened.
2014-09-17 15:12:54+0000 [-] Traceback (most recent call last):
2014-09-17 15:12:54+0000 [-] File "echoserv_ssl.py", line 23, in <module>
2014-09-17 15:12:54+0000 [-] task.react(echoserv_ssl.main)
2014-09-17 15:12:54+0000 [-] File "/usr/lib64/python2.6/site-packages/twisted/internet/task.py", line 875, in react
2014-09-17 15:12:54+0000 [-] finished = main(_reactor, *argv)
2014-09-17 15:12:54+0000 [-] File "/root/Robot/Twisted/echoserv_ssl.py", line 16, in main
2014-09-17 15:12:54+0000 [-] certificate = ssl.PrivateCertificate.loadPEM(certData)
2014-09-17 15:12:54+0000 [-] File "/usr/lib64/python2.6/site-packages/twisted/internet/_sslverify.py", line 619, in loadPEM
2014-09-17 15:12:54+0000 [-] return Class.load(data, KeyPair.load(data, crypto.FILETYPE_PEM),
2014-09-17 15:12:54+0000 [-] File "/usr/lib64/python2.6/site-packages/twisted/internet/_sslverify.py", line 725, in load
2014-09-17 15:12:54+0000 [-] return Class(crypto.load_privatekey(format, data))
2014-09-17 15:12:54+0000 [-] File "build/bdist.linux-x86_64/egg/OpenSSL/crypto.py", line 2010, in load_privatekey
2014-09-17 15:12:54+0000 [-] File "build/bdist.linux-x86_64/egg/OpenSSL/_util.py", line 22, in exception_from_error_queue
2014-09-17 15:12:54+0000 [-] OpenSSL.crypto.Error: []
这个相当空的错误代码对我来说似乎并不多。谁能解释我要去哪里错了?
This rather empty error code doesn't seem that informative to me. Can anyone explain where I'm going wrong?
谢谢!
推荐答案
您可能已经注意到,有很多方法可以做到这一点。
There are lots of ways to do this, as you've probably noticed.
巧合的是,我只需要几天就生成一个密钥和自签名证书前。我决定保存代码(并将其检入Twisted中),而不是丢失它,而不得不在以后重新创建它。也许会对您有所帮助:
Coincidentally, I had to generate a key and self-signed certificate just a couple days ago. I decided to save the code (and check it in to Twisted) rather than lose it and have to recreate it later. Perhaps it will help you:
https://twistedmatrix.com/trac/browser/trunk/twisted/test/server.pem
正如我提到的,这是远远是唯一的方法,而且可能也不是最好的方法。但是,我确定它可以正常工作(在Twisted的TLS测试套件中使用了生成的证书)。
As I mentioned, this is far from the only way to do it and probably not nearly the best way, either. However, I'm sure that it works (the resulting certificate is used in Twisted's TLS test suite).
请注意,该文件是可运行的Python程序(运行它会生成和包含私钥和证书的可加载pem文件。
Notice that the file is a runnable Python program (running it generates a new key and certificate) and a loadable pem file containing a private key and certificate.
这篇关于Twisted Python中的TLS-如何创建server.pem?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
