Python client code for one-way and two-way SSL authentication


Reference: https://blog.csdn.net/wuliganggang/article/details/78428866

 

Implementation:

1. One-way authentication: the client needs a ca.crt to verify that the server is legitimate.

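import logging
import socket
import ssl

def connectSSL(self, _tcp_ip, _tcp_port, _ca_certs='ca.crt'):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    # CERT_REQUIRED: the handshake fails unless the server's chain verifies against ca.crt.
    # ssl.wrap_socket() does not match the certificate against the host name,
    # and it was removed in Python 3.12.
    sk = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED, ca_certs=_ca_certs)

    try:
        sk.connect((_tcp_ip, _tcp_port))
    except Exception as e:
        logging.error(str(e))
        exit(1)
    return sk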

 

2. Two-way authentication: the client verifies the server and the server also verifies the client; the client needs client.key, client.crt, and ca.crt

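import logging
import socket
import ssl

def connectSSL(self, _tcp_ip='192.168.1.100', _tcp_port=10000, _keyfile='user.key', _certfile='user.pem', _ca_certs='ca.crt'):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    # keyfile/certfile: the client's own key and certificate, presented to the server.
    # cert_reqs/ca_certs: the server's certificate must chain to ca.crt.
    sk = ssl.wrap_socket(s, keyfile=_keyfile, certfile=_certfile, cert_reqs=ssl.CERT_REQUIRED, ca_certs=_ca_certs)

    try:
        sk.connect((_tcp_ip, _tcp_port))
        # getpeercert() returns the verified server certificate as a dict
        print("cert type: ", sk.getpeercert())
    except Exception as e:
        logging.error(str(e))
        exit(1)
    return sk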

 

3. No authentication

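import logging
import socket
import ssl

def connectSSL(self, _tcp_ip='192.168.1.100', _tcp_port=10000):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    # CERT_NONE: the server certificate is not verified. The traffic is encrypted,
    # but the peer is unauthenticated, so an interposed server goes undetected.
    sk = ssl.wrap_socket(s, cert_reqs=ssl.CERT_NONE)

    try:
        sk.connect((_tcp_ip, _tcp_port))
        # With CERT_NONE the certificate was not validated, so this prints an empty dict
        print("cert type: ", sk.getpeercert())
    except Exception as e:
        logging.error(str(e))
        exit(1)
    return sk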

 

Note: encrypted certificates are supported from Python 2.7.9 onward.
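The same three modes written against ssl.SSLContext, which also checks the host name and still works on Python 3.12+, where ssl.wrap_socket() no longer exists. This is an added example, not code from the original post: build_client_context and connect_tls are hypothetical names, the file names are the defaults used above, and the password parameter is for an encrypted client key.

```python
import socket
import ssl


def build_client_context(ca_certs=None, certfile=None, keyfile=None,
                         password=None, verify=True):
    """Build the client-side SSLContext (hypothetical helper, added example).

    ca_certs         -- CA file used to verify the server; None = system store
    certfile/keyfile -- client certificate and key, needed for two-way auth
    password         -- passphrase of an encrypted client key
    verify=False     -- mode 3 (CERT_NONE): the server is NOT authenticated
    """
    # PROTOCOL_TLS_CLIENT starts at CERT_REQUIRED with check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if verify:
        if ca_certs:
            ctx.load_verify_locations(cafile=ca_certs)
        else:
            ctx.load_default_certs()
    else:
        # check_hostname has to be cleared before CERT_NONE is accepted.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    if certfile:
        # Raises ssl.SSLError if the key does not match or the passphrase is wrong.
        ctx.load_cert_chain(certfile, keyfile=keyfile, password=password)
    return ctx


def connect_tls(host, port, ctx, timeout=10):
    """Connect and complete the TLS handshake; raises on any failure.

    The certificate is matched against `host`, so an IP address such as
    192.168.1.100 only verifies if the certificate lists it in subjectAltName.
    """
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except OSError:  # ssl.SSLError and certificate errors are OSError subclasses
        raw.close()
        raise


if __name__ == "__main__":
    # Assumed file names, taken from the defaults used in the post.
    ctx = build_client_context("ca.crt", "user.pem", "user.key")
    with connect_tls("192.168.1.100", 10000, ctx) as sk:
        print("server cert:", sk.getpeercert())
```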

 

Supplement:

Installation

1. Install with pip:

pip install pyopenssl

2. Install from a downloaded package:

pyopenssl download: https://launchpad.net/pyopenssl/+download

On Windows, install directly with the .exe

cryptography download: https://pypi.org/project/cryptography/0.2.2/#files

Run pip install *.whl to install

 

