Python Simple SSL Socket Server


Problem description

Just trying to set up a simple SSL server. I have never had anything SSL work for me in the past. I have a loose understanding of how SSL certificates and signing work.

The code is simple:

import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.load_cert_chain(certfile="mycertfile") ###############

bindsocket = socket.socket()
bindsocket.bind(('', 2099))
bindsocket.listen(5)

while True:
    newsocket, fromaddr = bindsocket.accept()
    sslsoc = context.wrap_socket(newsocket, server_side=True)
    request = sslsoc.read()
    print(request)

The line in there with the ###s after it is the one that isn't working. I don't know what I have to do with openssl to generate a PEM file that will work here.

Can anyone enlighten me as to how to make this simple socket work?

By the way, this is NOT used for HTTP.

Recommended answer

You can use this command to generate a self-signed certificate:

openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem

The openssl framework will ask you to enter some information, such as your country, city, etc. Just follow the instructions, and you will get a cert.pem file. The output file will have both your RSA private key, with which you can generate your public key, and the certificate. The output file looks like this:

-----BEGIN RSA PRIVATE KEY-----
 # your private key
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
 # your certificate
-----END CERTIFICATE-----

Just load it, and the ssl module will handle the rest for you:

context.load_cert_chain(certfile="cert.pem", keyfile="cert.pem")

Btw, there is no "SSLContext" in Python 2. For guys who are using Python 2, just assign the PEM file when wrapping the socket:

newsocket, fromaddr = bindsocket.accept()
connstream = ssl.wrap_socket(newsocket,
                             server_side=True,
                             certfile="cert.pem",
                             keyfile="cert.pem",
                             ssl_version=ssl.PROTOCOL_SSLv23)  # your choice, see the list below

Available ssl versions: ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23. If you have no idea, ssl.PROTOCOL_SSLv23 may be your choice as it provides the most compatibility with other versions.
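
Added example, not part of the original question or answer: a pre-flight check of the combined cert.pem that the openssl command above produces, plus a server context limited to TLS 1.2 or newer. It assumes Python 3.7+; the function names and the placeholder PEM bodies are constructed for illustration.

```python
import os, re, ssl, stat, tempfile

# One PEM block: BEGIN <label>, body, END <same label>.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s.*?-----END \1-----", re.S)
# Older openssl writes "RSA PRIVATE KEY"; newer releases write PKCS#8 "PRIVATE KEY".
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

# Constructed sample: layout of a combined cert.pem with placeholder bodies (not loadable).
SAMPLE_PEM = (
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)

def check_combined_pem(path):
    """Return reasons why load_cert_chain(path, path) would fail or expose the key."""
    with open(path, encoding="ascii", errors="replace") as fh:
        labels = [m.group(1) for m in PEM_BLOCK.finditer(fh.read())]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if "ENCRYPTED PRIVATE KEY" in labels:
        problems.append("key is passphrase-protected: pass password= to load_cert_chain")
    elif not KEY_LABELS.intersection(labels):
        problems.append("no private key block")
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("private key file is accessible to group/others")
    return problems

def base_server_context():
    """Server-side context that negotiates TLS 1.2 or newer only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def load_identity(ctx, path):
    """Load the combined PEM into ctx, refusing files that fail the pre-flight check."""
    problems = check_combined_pem(path)
    if problems:
        raise ValueError("; ".join(problems))
    ctx.load_cert_chain(certfile=path, keyfile=path)
    return ctx

def write_sample(text, mode=0o600):
    """Write constructed PEM text to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path
```

With a real cert.pem, `load_identity(base_server_context(), "cert.pem")` returns a context whose `wrap_socket(newsocket, server_side=True)` takes the place of the call in the question.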
