如何连接Python IMAP4_SSL和自签名服务器SSL证书?
[英]How to connect with Python IMAP4_SSL and self-signed server SSL cert?
问题描述
I'm using python3 and imaplib to connect to an Exchange server. 
我正在使用python3和imaplib连接到Exchange服务器。 The Exchange server uses a self-signed certificate created for the hostname 'my.server.fqdn'. Exchange服务器使用为主机名“my.server.fqdn”创建的自签名证书。 After a recent OS upgrade on my workstation (Ubuntu 14.04) my python script no longer works. 在我的工作站上最近的操作系统升级(Ubuntu 14.04)后,我的python脚本不再有效。
The basic snippet of code I'm using is here: 我正在使用的基本代码片段在这里:
#!/usr/bin/python3
import imaplib
import socket
import ssl
import getpass
passwd = getpass.getpass()
mail = imaplib.IMAP4_SSL('my.server.fqdn', 1143)
mail.login('mike', passwd)
mail.list()
mail.select("INBOX")
The code worked fine prior to the upgrade. 代码在升级之前工作正常。 Now this code produces this error: 现在这段代码产生了这个错误:
Traceback (most recent call last):
File "./example.py", line 9, in <module>
mail = imaplib.IMAP4_SSL('my.server.fqdn', 1143)
File "/usr/lib/python3.4/imaplib.py", line 1222, in __init__
IMAP4.__init__(self, host, port)
File "/usr/lib/python3.4/imaplib.py", line 181, in __init__
self.open(host, port)
File "/usr/lib/python3.4/imaplib.py", line 1236, in open
IMAP4.open(self, host, port)
File "/usr/lib/python3.4/imaplib.py", line 257, in open
self.sock = self._create_socket()
File "/usr/lib/python3.4/imaplib.py", line 1228, in _create_socket
server_hostname=server_hostname)
File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
_context=self)
File "/usr/lib/python3.4/ssl.py", line 578, in __init__
self.do_handshake()
File "/usr/lib/python3.4/ssl.py", line 805, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:598)
It's not apparent to me if python is having a problem with the self-signed certificate, SSL version, or if there is something new with python 3 which doesn't work with my old code. 如果python遇到自签名证书,SSL版本的问题,或者如果python 3有新的东西与我的旧代码不兼容,那么这对我来说并不明显。
I do have a PEM file from the Exchange server which allows me to connect to the server using curl . 我有一个来自Exchange服务器的PEM文件,它允许我使用curl连接到服务器。 Authentication fails, however the checks curl does during the SSL handshake seem to work OK. 身份验证失败,但SSL握手期间检查curl似乎工作正常。 I do have to supply curl the --sslv3 option along with a path to the PEM file for that to work. 我必须提供curl --sslv3选项以及PEM文件的路径以使其工作。 If that's what I need to do with python to get this working again, how do I go about supplying python with the same information? 如果这就是我需要用python来重新开始工作,我该如何为python提供相同的信息呢?
curl session is here: 卷曲会议在这里:
$ curl -vvv --sslv3 https://my.server.fqdn:1143 --cacert ~/my_server_fqdn.pem
* Rebuilt URL to: https://my.server.fqdn:1143/
* Hostname was NOT found in DNS cache
* Trying 10.10.10.10...
* Connected to my.server.fqdn (10.10.10.10) port 1143 (#0)
* successfully set certificate verify locations:
* CAfile: /home/username/my_server_fqdn.pem
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: O=fqdn; O=SERVER; OU=M; CN=my.server.fqdn
* start date: 2013-07-29 20:59:04 GMT
* expire date: 2023-07-27 20:59:04 GMT
* common name: my.server.fqdn (matched)
* issuer: O=fqdn; O=SERVER; OU=M; CN=my.server.fqdn
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: my.server.fqdn:1143
> Accept: */*
>
* OK [CAPABILITY IMAP4REV1 AUTH=LOGIN MOVE] IMAP4rev1 server ready
GET BAD command authentication required
User-Agent: BAD command authentication required
Host: BAD command authentication required
Accept: BAD command authentication required
* SSLv3, TLS alert, Client hello (1):
* Connection #0 to host my.server.fqdn left intact
1 个解决方案
解决方案1
3 已采纳 2014-08-15 15:50:09
Apparently this problem is due to one or more versions of TLS protocol being disabled in the openssl package on Ubuntu 12.04 and 14.04. 显然,这个问题是由于在Ubuntu 12.04和14.04上的openssl包中禁用了一个或多个版本的TLS协议 。 I ended up using an ssl context in python3 and forcing SSL version 3 for the connection. 我最终在python3中使用ssl上下文并强制连接SSL版本3。 This appears to work now. 这似乎现在有效。 Really hope this helps anyone struggling with the same problem. 真的希望这可以帮助任何人解决同样的问题。
#!/usr/bin/python3
import imaplib
import socket
import ssl
import getpass
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3)
passwd = getpass.getpass()
mail = imaplib.IMAP4_SSL('my.server.fqdn', 1143, ssl_context=ctx)
mail.login('mike', passwd)
mail.select('INBOX', 1)
typ, uids = mail.uid("SEARCH", None, "ALL")
uids = uids[0].split()
for u in uids:
print ("found uid " , u)
mail.close()
mail.logout()
del mail
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.