https与Python中的密钥库握手 [英] https handshake with keystores in Python

问题描述

我有一个Web服务器设置，拒绝没有有效的.p12证书的连接。我需要在Python脚本中访问服务器上运行的REST API，但我找不到任何有关如何执行此操作的信息。如果有人有关于如何使用Python中的.p12证书执行SSL握手的好教程，请告诉我。

I have an web server set up that denies connections without a valid .p12 certificate. I need to access a REST API that is running on the server in a Python script, but I can't find anything about how to do it. If anyone has a good tutorial on how to perform an SSL handshake using .p12 certificates in Python, please let me know.

推荐答案

此问题的答案中描述的相同方法，其中询问在HTTPS连接期间验证服务器证书（这不是默认情况下由 urllib 或 httplib 完成，除了CA之外，还应该允许您指定客户端证书证书列表。

The same methods described in the answers to this question, which asks about verifying a server certificate during the HTTPS connection (this is not done at all by default by urllib or httplib) should allow you to specify a client-certificate in addition to the CA certificate lists.

• 如果您选择基于 ssl.wrap_socket ，传递 cerfile / keyfile 参数如文档中所述。


• 使用PycURL，您应该可以调用 setopt（pycurl.SSLCERT ，/ path / to / cert.pem）和 setopt（pycurl.SSLKEY，/ path / to / key.pem） 。选项名称基于 SSL和安全选项部分cURL文档（也有密码选项）。

• If you choose the option based on ssl.wrap_socket, pass a cerfile/keyfile parameter as described in the documentation.
• Using PycURL, you should be able to call setopt(pycurl.SSLCERT, "/path/to/cert.pem") and setopt(pycurl.SSLKEY, "/path/to/key.pem"). The option names are based on the SSL and SECURITY OPTIONS section of the cURL documentation (there's an option for the password too).

您可能需要转换PKCS ＃12（ .p12 ）文件为PEM格式。为此：

It's likely that you will have to convert your PKCS#12 (.p12) file into PEM format. To do so:

# Extract the certificate:
openssl pkcs12 -in filename.p12 -nokeys -out certificate.pem

# Extract the private key:
openssl pkcs12 -in filename.p12 -nocerts -out privkey.pem

这篇关于https与Python中的密钥库握手的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！