https与Python中的密钥库握手 [英] https handshake with keystores in Python
问题描述
我有一个Web服务器设置,拒绝没有有效的.p12证书的连接。我需要在Python脚本中访问服务器上运行的REST API,但我找不到任何有关如何执行此操作的信息。如果有人有关于如何使用Python中的.p12证书执行SSL握手的好教程,请告诉我。
I have an web server set up that denies connections without a valid .p12 certificate. I need to access a REST API that is running on the server in a Python script, but I can't find anything about how to do it. If anyone has a good tutorial on how to perform an SSL handshake using .p12 certificates in Python, please let me know.
推荐答案
此问题的答案中描述的相同方法,其中询问在HTTPS连接期间验证服务器证书(这不是默认情况下由 urllib
或 httplib
完成,除了CA之外,还应该允许您指定客户端证书证书列表。
The same methods described in the answers to this question, which asks about verifying a server certificate during the HTTPS connection (this is not done at all by default by urllib
or httplib
) should allow you to specify a client-certificate in addition to the CA certificate lists.
- 如果您选择基于
ssl.wrap_socket
,传递cerfile
/keyfile
参数如文档中所述。 - 使用PycURL,您应该可以调用
setopt(pycurl.SSLCERT ,/ path / to / cert.pem)
和setopt(pycurl.SSLKEY,/ path / to / key.pem)
。选项名称基于 SSL和安全选项部分cURL文档(也有密码选项)。
- If you choose the option based on
ssl.wrap_socket
, pass acerfile
/keyfile
parameter as described in the documentation. - Using PycURL, you should be able to call
setopt(pycurl.SSLCERT, "/path/to/cert.pem")
andsetopt(pycurl.SSLKEY, "/path/to/key.pem")
. The option names are based on the SSL and SECURITY OPTIONS section of the cURL documentation (there's an option for the password too).
您可能需要转换PKCS #12( .p12
)文件为PEM格式。为此:
It's likely that you will have to convert your PKCS#12 (.p12
) file into PEM format. To do so:
# Extract the certificate:
openssl pkcs12 -in filename.p12 -nokeys -out certificate.pem
# Extract the private key:
openssl pkcs12 -in filename.p12 -nocerts -out privkey.pem
这篇关于https与Python中的密钥库握手的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!