[英]ssl certificate authentication in python
I have been given the following code that should perform an ssl handshake and certificate authentication: 我已经获得了以下应执行ssl握手和证书身份验证的代码:
1 s = socket.socket()
2 print "connecting..."
3 logging.debug("Connecting")
4 # Connect with SSL mutual authentication
5 # We only trust our server's CA, and it only trusts user certificates signed by it
6 c = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED,
7 ssl_version=ssl.PROTOCOL_SSLv3, ca_certs='ca.crt',
8 certfile='user.crt', keyfile='user.key')
9 c.connect((constants.server_addr, constants.port))
I have 2 questions about this: 我有两个问题:
socket.socket()
? socket.socket()
这些参数? user.crt
and user.key
(line 8), respectively. user.crt
和user.key
(第8行)。 However, while I assume that ca.crt
(line 7) is retrived from the certificate authority, how to I retrieve it? ca.crt
(第7行),但如何检索它? If any part of the above code or my assumptions about it are incorrect, please let me know. 如果上述代码的任何部分或我对它的假设不正确,请告诉我。 Thanks!
谢谢!
Server address and port are specified as part of the socket address in line 9, specified as the parameter to connect
. 服务器地址和端口被指定为第9行中套接字地址的一部分,指定为要
connect
的参数。
Generally, you've acquired the CA certificate via some out-of-band method, then saved it locally. 通常,您通过一些带外方法获取了CA证书,然后在本地保存。 Linux systems generally have a bundle of certificates for well-known, trusted CAs available under
/etc/ssl/certs
or similar. Linux系统通常具有一组证书,用于在
/etc/ssl/certs
或类似产品下可用的众所周知的可信CA.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.