0

httpsサーバーとクライアントを作成しようとしています。テスト用に秘密鍵と自己署名証明書とともにCAを作成しました。

これが私のテストサーバーです:

#!/usr/bin/env python

import socket, os
from SocketServer import BaseServer
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
from SimpleHTTPServer import SimpleHTTPRequestHandler
from OpenSSL import SSL

CERTIFICATE_PATH = os.getcwd() + '/CA/cacert.pem'
KEY_PATH = os.getcwd() + '/CA/private/key.pem'


class SecureHTTPServer(HTTPServer):
    def __init__(self, server_address, HandlerClass):
        BaseServer.__init__(self, server_address, HandlerClass)
        ctx = SSL.Context(SSL.SSLv23_METHOD)

        ctx.use_privatekey_file(KEY_PATH)
        ctx.use_certificate_file(CERTIFICATE_PATH)

        self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))

        self.server_bind()
        self.server_activate()

class MemberUpdateHandler(SimpleHTTPRequestHandler):
    def setup(self):
        self.connection = self.request
        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)

    def do_GET(self):
        try:
            print 'path:', self.path
            print self.path.endswith('.txt')
            if self.path.endswith('.txt'):
                self.send_response(200)
                self.send_header('Content-type', 'text/html')
                self.end_headers()
                self.wfile.write("successful")
                return
            else:
                self.send_response(200)
                self.send_header('Content-type', 'text/html')
                self.end_headers()
                self.wfile.write("not successful")
        except IOError:
            self.send_error(404, 'What you talking about willis?')


def test(HandlerClass = MemberUpdateHandler,
         ServerClass = SecureHTTPServer):
    server_address = ('', 4242)
    httpd = ServerClass(server_address, HandlerClass)
    sa = httpd.socket.getsockname()
    print "serving HTTPS on:", sa[0], "port:", sa[1], "..."
    httpd.serve_forever()

if __name__ == '__main__':
    test()

と私の単純なクライアント:

#!/usr/bin/env python

import os
import httplib
import socket

KEY_FILE = os.getcwd() + '/CA/private/key.pem'
CERT_FILE = os.getcwd() + '/CA/certs/01.pem'
GET = "GET"


conn = httplib.HTTPSConnection('0.0.0.0', '4242', cert_file = CERT_FILE)

conn.request(GET, "/this.txt")
response = conn.getresponse()
print response.status, response.reason, response.read()

conn.close()

cert_file = CERT_FILEを呼び出しから削除すると、それを追加しようとすると問題が発生します。しかし、私は私が望む検証を得ていないと思います。

試したときに発生するエラーは次のとおりです。

サーバー側:

Exception happened during processing of request from ('127.0.0.1', 55283)
Traceback (most recent call last):
File "/usr/lib/python2.6/SocketServer.py", line 281, in _handle_request_noblock
  self.process_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 307, in process_request
  self.finish_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 320, in finish_request
  self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.6/SocketServer.py", line 615, in __init__
  self.handle()
File "/usr/lib/python2.6/BaseHTTPServer.py", line 329, in handle
  self.handle_one_request()
File "/usr/lib/python2.6/BaseHTTPServer.py", line 312, in handle_one_request
 self.raw_requestline = self.rfile.readline()
File "/usr/lib/python2.6/socket.py", line 406, in readline
 data = self._sock.recv(self._rbufsize)
Error: [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]

そしてクライアントから:

File "HTTPSClient.py", line 19, in <module>
conn.request(GET, "/this.txt")
File "/usr/lib/python2.6/httplib.py", line 910, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.6/httplib.py", line 947, in _send_request
self.endheaders()
File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
self._send_output()
File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
self.send(msg)
File "/usr/lib/python2.6/httplib.py", line 735, in send
self.connect()
File "/usr/lib/python2.6/httplib.py", line 1112, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib/python2.6/ssl.py", line 113, in __init__
cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

そこにどのファイルを送信する必要がありますか?CA証明書、署名付き証明書、および秘密鍵を持っています。私が見つけたドキュメントは非常にまばらです。

4

1 に答える 1

2

この[ドキュメント][1]に基づく

class httplib.HTTPSConnection(host[, port[, key_file[, cert_file[, strict[, timeout[, source_address]]]]]])
A subclass of HTTPConnection that uses SSL for communication with secure servers. Default port is 443. key_file is the name of a PEM formatted file that contains your private key. cert_file is a PEM formatted certificate chain file.

**Warning This does not do any verification of the server’s certificate.**

よくわかりませんが(Pythonの経験はありません)、key_fileとcert_fileはクライアント側の認証用であると思います。

また、証明書の検証に関する次のリンクを確認できます:http: //code.activestate.com/recipes/577548-https-httplib-client-connection-with-certificate-v/

于 2012-09-12T18:54:53.357 に答える