
Self-signed certificate used when wrapping sockets

I'm trying to use a self-signed x509 certificate generated using the cryptography module in an ssl handshake. I'm generating the cert and key to PEM files as prescribed in the documentation and writing them to files using the following function:

from cryptography.hazmat.primitives import serialization

def write_key_and_cert(self, certname="cert.pem", keyname="key.pem"):
    # Write the certificate as PEM.
    with open(certname, "wb") as f:
        f.write(self.cert.public_bytes(serialization.Encoding.PEM))
    # Write the private key as PEM, encrypted with a passphrase.
    with open(keyname, "wb") as f:
        f.write(self.private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.BestAvailableEncryption(b"passphrase"),
        ))

The problem arises during the wrapping of the socket: the server is unable to use the certfile and keyfile, causing a hang. I believe it is due to the keyfile being encrypted (the ssl wrapping isn't decrypting the keyfile). Is there a way to use the cryptography module generated certfile/keyfile and, if so, how?

This problem was solved by creating the context and specifying the password when loading the cert chain:

context = ssl.create_default_context()
context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile, password=b"passphrase")

This lets the ssl module do the decrypting of the keyfile and loading properly.
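
An end-to-end check of the approach in the answer, added here as an example (not code from the original post): it generates a self-signed certificate and a passphrase-encrypted key with `cryptography`, loads them with `load_cert_chain(..., password=...)`, and completes a TLS handshake through memory BIOs. Assumptions: a server-side context (`ssl.Purpose.CLIENT_AUTH`), an EC key, a client that trusts only this one certificate, and the hypothetical helper names `server_context`, `handshake` and `demo`.

```python
import contextlib, datetime, os, pathlib, ssl, tempfile
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
PASSPHRASE = b"passphrase"  # sample value from the post, not a real secret

def write_key_and_cert(directory, host="localhost"):  # constructed test material
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, host)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(host)]), critical=False)
            .sign(key, hashes.SHA256()))
    certfile, keyfile = (os.path.join(directory, n) for n in ("cert.pem", "key.pem"))
    pathlib.Path(certfile).write_bytes(cert.public_bytes(serialization.Encoding.PEM))
    pathlib.Path(keyfile).write_bytes(key.private_bytes(  # encrypted, as in the question
        serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL,
        serialization.BestAvailableEncryption(PASSPHRASE)))
    return certfile, keyfile

def server_context(certfile, keyfile, password):
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)  # context for the server side
    ctx.load_cert_chain(certfile, keyfile, password=password)  # ssl decrypts the key itself
    return ctx

def handshake(certfile, keyfile, host="localhost"):  # in memory, no network needed
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    client_ctx.load_verify_locations(certfile)  # trust only this self-signed certificate
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=host)
    server = server_context(certfile, keyfile, PASSPHRASE).wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    for _ in range(10):  # bounded, so a stalled handshake cannot loop forever
        for side in list(pending):
            with contextlib.suppress(ssl.SSLWantReadError):  # side still needs peer bytes
                side.do_handshake()
                pending.remove(side)
        s_in.write(c_out.read())  # carry client records to the server
        c_in.write(s_out.read())  # and server records to the client
    return None if pending else client.version()

def demo():
    with tempfile.TemporaryDirectory() as d:
        cert, key = write_key_and_cert(d)
        rejected = True
        with contextlib.suppress(ssl.SSLError):  # a wrong passphrase raises, it does not prompt
            rejected = server_context(cert, key, b"wrong") is None
        return handshake(cert, key), rejected
```

When `password` is omitted and the key file is encrypted, OpenSSL's built-in mechanism prompts for the passphrase interactively, which in a non-interactive server looks like a hang.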
