我需要创建客户端/服务器应用程序以将文件从客户端发送到服务器。 我使用简单的ssl套接字并使用证书进行身份验证。
ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ssl_sock = ssl.wrap_socket(ms, keyfile=".../newCA/my_client.key", certfile=".../newCA/my_client.crt", server_side=0, cert_reqs=ssl.CERT_REQUIRED, ca_certs=".../newCA/CA/my-ca.crt" ) ssl_sock.connect((HOST, MPORT))和服务器端:
msock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.ssl_sock = ssl.wrap_socket(msock, keyfile=".../newCA/my_server.key", certfile=".../newCA/my_server.crt", server_side=1, cert_reqs=ssl.CERT_REQUIRED, ca_certs=".../newCA/CA/my-ca.crt" ) self.ssl_sock.bind(('', self.PORT)) self.ssl_sock.listen(self.QUEUE_MAX)问题如下:当客户端尝试连接到服务器时,它需要输入两者的私钥密码:对于服务器端和客户端。
在Java中我们需要设置系统属性:javax.net.ssl.keyStorePassword =“”并且它必须自动使用,但它是如何在Python中使用的? 我无法在客户端连接时输入密码短语。问题是我的Application:Client应该使用已经签名的证书,而Server也应该使用已签名的证书。 我无法改变它。 Serever和客户都是长期应用程序,所以我们只运行它,我们不需要寻找它们。 但是,据我所知,Python没有提供自动输入私钥密码的标准方法。 可能是其他建议?
I need to create Client/Server application to send files from clients to Server. I use simple ssl sockets for that and authenticate with certificates.
ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ssl_sock = ssl.wrap_socket(ms, keyfile=".../newCA/my_client.key", certfile=".../newCA/my_client.crt", server_side=0, cert_reqs=ssl.CERT_REQUIRED, ca_certs=".../newCA/CA/my-ca.crt" ) ssl_sock.connect((HOST, MPORT))And Server side:
msock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.ssl_sock = ssl.wrap_socket(msock, keyfile=".../newCA/my_server.key", certfile=".../newCA/my_server.crt", server_side=1, cert_reqs=ssl.CERT_REQUIRED, ca_certs=".../newCA/CA/my-ca.crt" ) self.ssl_sock.bind(('', self.PORT)) self.ssl_sock.listen(self.QUEUE_MAX)The problem is the following: when client tries to connect to Server, it requires Enter the pass phrase for private key for Both: for Server-side and Client-side.
In Java we need to set System Property: javax.net.ssl.keyStorePassword="" and it has to be used automatically, But how is it been used in Python? I can't enter pass phrase all time the client connects.The problem is that my Application:Client should use already signed certificate, and Server should use already signed certificate too. I can't change it. Both Serever and Clients are long-living applications, so we just run it and we no need to look for them. But, as I understand, Python doesn't provide statndard way to automatically enter pass phrase for private key. May be other suggestions?
最满意答案
密码短语意味着由人输入作为识别手段。 如果要对其进行硬编码,则不带密码的SSL密钥可提供相同级别的安全性。 要删除密码,请参阅: http : //aleph-null.tv/article/20080714-1337-917.xml/Apache,-SSL,-and-"%3BGetting-Rid-of-the-Passphrase" %3B
A pass phrase is meant to be entered by a human as means of identification. If you want to hardcode it, a SSL key without passphrase provides the same level of security. For getting rid of the pass phrase, see also: http://aleph-null.tv/article/20080714-1337-917.xml/Apache,-SSL,-and-"%3BGetting-Rid-of-the-Passphrase"%3B
更多推荐
发布评论