堆栈内存溢出
  简体   繁体   English

ssl 证书文件在 Python websocket 服务器中的路径

[英]Where to give path of ssl certificate files in Python websocket server

 原文  2020-08-19 22:27:24       python/ websocket

问题描述

I've this snippet from: https://websockets.readthedocs.io/en/stable/intro.html我有这个片段来自: https://websockets.readthedocs.io/en/stable/intro.html

ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
localhost_pem = pathlib.Path(__file__).with_name("localhost.pem")
ssl_context.load_verify_locations(localhost_pem)

I've CA signed certificate with Key,Cert and Bundle files.我有 CA 签名证书,其中包含密钥、证书和捆绑文件。 Where to specify them?在哪里指定它们?

In my actual code it looks like though all browsers report invalid certificate issue:在我的实际代码中,看起来所有浏览器都报告无效证书问题:

def start_server():
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    localhost_pem = pathlib.Path(__file__).with_name("server.pem")
    ssl_context.load_cert_chain(localhost_pem)

    ip = ''

    if os.name =='nt':
        ip = '127.0.0.1'
    else:
        ip = "x.x.x.x"

    start_server = websockets.serve(
        hello, ip, 31333,ssl=ssl_context
    )

    asyncio.get_event_loop().run_until_complete(start_server)
    asyncio.get_event_loop().run_forever()

For example I've created a Python webserver and specified those files correctly and this is working properly and no invalid certification issue comes:例如,我创建了一个 Python 网络服务器并正确指定了这些文件,并且它工作正常并且没有出现无效的证书问题:

server = HTTPServer(('0.0.0.0', 443), PostHandler)
    if USE_HTTPS:
        import ssl
        server.socket = ssl.wrap_socket(server.socket, keyfile='./ssl/key.pem', certfile='./ssl/public.pem'
                , ca_certs="./ssl/cap1_traf_com.ca-bundle" , server_side=True)

        server.serve_forever()

1 个解决方案

解决方案1
 0 已采纳  2020-08-22 06:32:37

Most libraries, including websockets accept an ssl context parameter.大多数库,包括websockets都接受 ssl 上下文参数。

In your case, for server side, you'd want to create the socket as so:在您的情况下,对于服务器端,您希望这样创建套接字:

import ssl
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain("<cert path>", "<key path>")

This will create a server-side socket for the purpose of "client authentication".这将创建一个用于“客户端身份验证”的服务器端套接字。 If you're not using client-certificates (chances are low) then this should be enough.如果您不使用客户端证书(可能性很低),那么这就足够了。

If your certificate requires additional intermediate ones ("bundle"), they should be part of the <cert_path> file.如果您的证书需要额外的中间证书(“捆绑包”),它们应该是<cert_path>文件的一部分。 The .pem format allows for multiple certificates, one after the other. .pem格式允许多个证书,一个接一个。

A simple concatenation will usually do the trick.一个简单的连接通常就可以解决问题。 For more information you can see the Python Docs .有关更多信息,请参阅Python 文档

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Python-SSL客户端/服务器证书 - Python - SSL Client/Server Certificate 在 Z23EEEB4347BDD265DDZFC6B7EE9A3B7 中的 ssl 和 https 服务器上创建 websocket - Create websocket over ssl and https server in python python ssl问题打开证书文件 - python ssl issue opening certificate files Python服务器:Chrome扩展SSL证书 - Python Server: Chrome Extension SSL certificate 如何在python中验证服务器的SSL证书? - How to validate server's ssl certificate in python? Python ssl.get_server_certificate 下载错误的证书? - Python ssl.get_server_certificate downloads wrong certificate? Python Twisted:SSL例程,ssl3_get_server_certificate错误 - Python Twisted : SSL routines , ssl3_get_server_certificate errors Python Websocket安全[SSL:CERTIFICATE_VERIFY_FAILED](_ssl.c:777) - Python Websocket secure [SSL: CERTIFICATE_VERIFY_FAILED] (_ssl.c:777) 使用python从自定义路径验证SSL证书 - Verify SSL certificate from the custom path using python 在python中抑制&#39;SSL例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败&#39;错误 - Suppress 'SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' errors in python
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM