
SSL certificate authentication in Python

I have been given the following code that should perform an SSL handshake and certificate authentication:

1   s = socket.socket()
2   print "connecting..."
3   logging.debug("Connecting")
4   # Connect with SSL mutual authentication
5   # We only trust our server's CA, and it only trusts user certificates signed by it
6   c = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED,
7                       ssl_version=ssl.PROTOCOL_SSLv3, ca_certs='ca.crt',
8                       certfile='user.crt', keyfile='user.key')
9   c.connect((constants.server_addr, constants.port))

I have 2 questions about this:

  1. Where do we specify the server/port to which we are connecting? Are these arguments to socket.socket()?
  2. I have a .p12 from which I extracted a cert and a key in PEM format (see this question), and I assume that these correspond to user.crt and user.key (line 8), respectively. However, while I assume that ca.crt (line 7) is retrieved from the certificate authority, how do I retrieve it?

If any part of the above code or my assumptions about it are incorrect, please let me know. Thanks!

  1. Server address and port are specified as part of the socket address in line 9, specified as the parameter to connect.

  2. Generally, you've acquired the CA certificate via some out-of-band method, then saved it locally. Linux systems generally have a bundle of certificates for well-known, trusted CAs available under /etc/ssl/certs or similar.
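
Added example, not part of the original question or answer: the same mutual-authentication client written against `ssl.SSLContext`, since `ssl.wrap_socket` was removed in Python 3.12 and `PROTOCOL_SSLv3` is an insecure protocol version. The helper names, `server.example` and port 8443 are assumptions; `ca.crt`, `user.crt` and `user.key` are the files from the question.

```python
import socket
import ssl


def build_client_context(ca_file=None, cert_file=None, key_file=None):
    """Return an SSLContext for a client that verifies the server.

    ca_file:  PEM file with the CA that signed the server certificate
              (the question's ca.crt). None falls back to the system
              trust store, e.g. the bundle under /etc/ssl/certs.
    cert_file/key_file: PEM client certificate and key (user.crt,
              user.key) presented for mutual authentication.
    """
    # create_default_context sets CERT_REQUIRED and check_hostname=True.
    # With cafile given, only that CA is trusted, not the system bundle.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    # Refuse SSLv3 and early TLS instead of pinning PROTOCOL_SSLv3.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def connect_mutual_tls(host, port, ctx, timeout=10.0):
    """Open a TCP connection to (host, port) and do the TLS handshake.

    server_hostname is the name the server certificate is checked
    against, so a certificate issued for another name is rejected.
    """
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


if __name__ == "__main__":
    # Constructed placeholders: host, port and file names are assumptions.
    context = build_client_context("ca.crt", "user.crt", "user.key")
    with connect_mutual_tls("server.example", 8443, context) as tls:
        print(tls.version(), tls.getpeercert()["subject"])
```

As in the answer, the server address and port are passed at connect time, not to `socket.socket()`; the context only carries the trust and identity settings.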
