如何使用证书存储在python中的字符串变量打开ssl套接字 [英] How to open ssl socket using certificate stored in string variables in python
问题描述
在Python中,ssl.wrap_socket可以从文件读取证书,ssl.wrap_socket需要证书作为文件路径。
In Python, ssl.wrap_socket can read certificates from files, ssl.wrap_socket require the certificate as a file path.
如何使用证书读取从字符串变量?
How can I start an SSL connection using a certificate read from string variables?
我的主机环境不允许写入文件,tempfile模块不起作用
我使用Python 2.7。
我将证书存储在MySQL内部并读为字符串。
My host environment does not allow write to files, and tempfile module is not functional
I'm using Python 2.7.
I store the certificate inside MySQL and read as a string.
编辑:
我放弃了,这基本上是需要通过纯Python代码实现ssl,
I gave up, this is basically require implement ssl by pure python code, this is beyond my current knowledge.
推荐答案
查看源代码,ssl.wrap_socket直接调用本地代码(openssl)函数SSL_CTX_use_cert_chain_file,它需要一个文件的路径,因此您无法做的是尝试做的。
Looking at the source, ssl.wrap_socket calls directly into the native code (openssl) function SSL_CTX_use_cert_chain_file which requires a path to a file, so what you are trying to do is not possible.
参考:
在ssl / init .py中,我们看到:
In ssl/init.py we see:
def wrap_socket(sock, keyfile=None, certfile=None,
server_side=False, cert_reqs=CERT_NONE,
ssl_version=PROTOCOL_SSLv23, ca_certs=None,
do_handshake_on_connect=True):
return SSLSocket(sock, keyfile=keyfile, certfile=certfile,
server_side=server_side, cert_reqs=cert_reqs,
ssl_version=ssl_version, ca_certs=ca_certs,
do_handshake_on_connect=do_handshake_on_connect)
将我们指向SSLSocket构造函数(它在同一个文件中),我们看到以下情况:
Points us to the SSLSocket constructor (which is in the same file) and we see the following happen:
self._sslobj = _ssl2.sslwrap(self._sock, server_side,
keyfile, certfile,
cert_reqs, ssl_version, ca_certs)
_ssl2在C(_ssl2.c)中实现
_ssl2 is implemented in C (_ssl2.c)
查看sslwrap函数,我们看到它正在创建一个新对象:
Looking at the sslwrap function, we see it's creating a new object:
return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
server_side, verification_mode,
protocol, cacerts_file);
查看该对象的构造函数,我们最终会看到:
Looking at the constructor for that object, we eventually see:
ret = SSL_CTX_use_certificate_chain_file(self->ctx,
cert_file);
这个函数在openssl中定义,所以现在我们需要切换到那个代码库。
That function is defined in openssl, so now we need to switch to that codebase.
在ssl / ssl_rsa.c中,我们最终在函数中找到:
In ssl/ssl_rsa.c we eventually find in the function:
BIO_read_filename(in,file)
如果你深入到BIO代码(openssl的一部分)最终成为正常的fopen():
If you dig far enough into the BIO code (part of openssl) you'll eventually come to a normal fopen():
fp=fopen(ptr,p);
所以它看起来像它当前写的。它必须在C的fopen()可打开的文件中。
So it looks like as it's currently written. It must be in a file openable by C's fopen().
此外,由于python的ssl库很快跳转到C,我在一个解决方法中看不到一个明显的monkeypatch的地方。
Also, since python's ssl library so quickly jumps into C, I don't see a immediately obvious place to monkeypatch in a workaround either.
这篇关于如何使用证书存储在python中的字符串变量打开ssl套接字的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!