使用ssl和socket进行python客户端身份验证

Question

i have a python server that needs a client to authenticate using certificates, how can i make a client script that uses client certificates to be authenticated by the server in python using ssl and socket modules.

is there example for this using socket and ssl only with out twisted?

from OpenSSL import SSL
from twisted.internet import ssl, reactor
from twisted.internet.protocol import ClientFactory, Protocol

class EchoClient(Protocol):
    def connectionMade(self):
    "print connected"

    def dataReceived(self, data):
        print "Server said:", data
        self.transport.loseConnection()

class EchoClientFactory(ClientFactory):
    protocol = EchoClient

    def clientConnectionFailed(self, connector, reason):
        print "Connection failed - goodbye!"
        reactor.stop()

    def clientConnectionLost(self, connector, reason):
        print "Connection lost - goodbye!"
        reactor.stop()

class CtxFactory(ssl.ClientContextFactory):
    def getContext(self):
        self.method = SSL.TLSv1_METHOD
        ctx = ssl.ClientContextFactory.getContext(self)
        ctx.use_certificate_file('client.crt')
        ctx.use_privatekey_file('client.key')
        return ctx

if __name__ == '__main__':

    factory = EchoClientFactory()
    reactor.connectSSL('localhost', 8080, factory, CtxFactory())
    reactor.run()

Answer 1

import socket, ssl, pprint

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# require a certificate from the server
ssl_sock = ssl.wrap_socket(s,
                keyfile="client.key",
                certfile="client.crt",
                ca_certs="ca.crt",
                cert_reqs=ssl.CERT_REQUIRED)

ssl_sock.connect(('127.0.0.1', 8080))

print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())

ssl_sock.write("testing")
data = ssl_sock.read()
print data

ssl_sock.close()