使用PEM证书的HTTPS连接 [英] HTTPS connection using PEM Certificate

问题描述

我正在尝试使用以下PEM证书发布HTTPS请求：

I'm trying to POST HTTPS requests using a PEM certificate like following:

import httplib  
CERT_FILE = '/path/certif.pem'
conn = httplib.HTTPSConnection('10.10.10.10','443', cert_file =CERT_FILE)   
conn.request("POST", "/") 
response = conn.getresponse()       
print response.status, response.reason
conn.close()

我有以下错误：

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/httplib.py", line 914, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.6/httplib.py", line 951, in _send_request
self.endheaders()
File "/usr/lib/python2.6/httplib.py", line 908, in endheaders
self._send_output()
File "/usr/lib/python2.6/httplib.py", line 780, in _send_output
self.send(msg)
File "/usr/lib/python2.6/httplib.py", line 739, in send
self.connect()
File "/usr/lib/python2.6/httplib.py", line 1116, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib/python2.6/ssl.py", line 338, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib/python2.6/ssl.py", line 118, in __init__
cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 336265225] _ssl.c:339: error:140B0009:SSL       
routines:**SSL_CTX_use_PrivateKey_file**:PEM lib

当我删除c来自httplib的ert_file，我有以下回复：

When I remove the cert_file from httplib, I've the following response:

200 ok

当我添加身份验证标头（如MattH建议）和空邮件有效负载时，它也有效。

When I add the Authentication header (like advised by MattH) with empty post payload, it works also.

然而，当我把好的请求与Path，Body和Header放在一起时，如下所示（我简化了它们）......

However, when I put the good request with the Path, the Body and the Header, like following (I simplified them...)

body = '<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">blablabla</S:Envelope>'
URLprov = "/syncaxis2/services/XXXsyncService"
auth_header = 'Basic %s' %  (":".join(["xxx","xxxxx"]).encode('Base64').strip('\r\n'))
conn.request("POST",URLprov,body,{'Authenticate':auth_header})

我有401个未经授权的回复！

I have 401 Unauthorized response !

正如您所看到的，首先，我被要求提供PrivateKey！如果我是客户，为什么我需要PrivateKey？然后，当我删除PrivateKey和证书，并把路径/正文/标题我有401 Unauthorized错误消息WWW-Authenticate：Basic realm =SYNCNB Server Realm。

As you can see, first, I'm asked to provide the PrivateKey ! why did I need the PrivateKey if I'm a client ? then, when I remove the PrivateKey and the certificate, and put the Path/Body/headers I have 401 Unauthorized error with the message WWW-Authenticate: Basic realm="SYNCNB Server Realm".

任何人都可以解释这个问题吗？是否有另一种使用Python证书发送HTTPS请求的方法？

Could any one explain this issue? Is there another way to send HTTPS request using a certificate in Python?

推荐答案

参见 http://docs.python.org/library/httplib.html

httplib.HTTPSConnection 不会对服务器的证书进行任何验证。

httplib.HTTPSConnection does not do any verification of the server’s certificate.

包含您的私人证书的选项是当服务器对客户端进行基于证书的身份验证时。即服务器正在检查客户端是否有由其信任的CA签署的证书，并且允许其访问其资源。

The option to include your private certificate is when the server is doing certificate based authentication of clients. I.e. the server is checking the client has a certificate signed by a CA that it trusts and is allowed to access it's resources.

如果未指定cert可选参数，则应该能够连接到HTTPS服务器，但不能验证服务器证书。

If you don't specify the cert optional argument, you should be able to connect to the HTTPS server, but not validate the server certificate.

更新

根据您的评论，您已经尝试过基本身份验证，看起来服务器仍然希望您使用身份验证进行身份验证基本认证。您的凭据是无效的（您是否已独立验证它们？）或您的 Authenticate 标头格式不正确。修改示例代码以包含基本身份验证标头和空邮件有效负载：

Following your comment that you've tried basic auth, it looks like the server still wants you to authenticate using basic auth. Either your credentials are invalid (have you independently verified them?) or your Authenticate header isn't formatted correctly. Modifying your example code to include a basic auth header and an empty post payload:

import httplib  
conn = httplib.HTTPSConnection('10.10.10.10','443')   
auth_header = 'Basic %s' % (":".join(["myusername","mypassword"]).encode('Base64').strip('\r\n'))
conn.request("POST", "/","",{'Authorization':auth_header}) 
response = conn.getresponse()       
print response.status, response.reason
conn.close()

这篇关于使用PEM证书的HTTPS连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！