I have never used SSL socket communication, so here is the result of the actual operation.
OS X El Capitan Python 2.7.11 OpenSSL 0.9.8zh 14 Jan 2016
I created the certificate and public key with OpenSSL by referring to the following page. http://qiita.com/marcy-terui/items/2f63d7f170ff82531245
├── keys
│ ├── server.crt
│ ├── server.csr * Unused
│ └── server.key
I created the code by referring to the following page. https://docs.python.org/2/library/ssl.html 17.3.5.2. Client-side processing 17.3.5.3. Server-side processing
ssl_server.py
import socket, ssl
URL = '127.0.0.1'
PORT = 10023
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain(certfile="keys/server.crt", keyfile="keys/server.key")
bindsocket = socket.socket()
bindsocket.bind((URL, 10023))
bindsocket.listen(5)
def do_something(connstream, data):
print '---------------------'
print data + '\n'
print '---------------------'
print
def deal_with_client(connstream):
data = connstream.read()
# null data means the client is finished with us
while data:
if not do_something(connstream, data):
# we'll assume do_something returns False
# when we're finished with client
break
data = connstream.read()
# finished with client
while True:
newsocket, fromaddr = bindsocket.accept()
connstream = context.wrap_socket(newsocket, server_side=True)
try:
deal_with_client(connstream)
finally:
connstream.shutdown(socket.SHUT_RDWR)
connstream.close()
ssl_client.py
import ssl
import socket
import pprint
URL = '127.0.0.1'
PORT = 10023
context = ssl.create_default_context()
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.verify_mode = ssl.CERT_NONE
context.check_hostname = False
conn = context.wrap_socket(socket.socket(socket.AF_INET),
server_hostname=URL)
conn.connect((URL, PORT))
cert = conn.getpeercert()
pprint.pprint(cert)
conn.sendall(b"HEAD / HTTP/1.0\r\nHost: linuxfr.org\r\n\r\n")
pprint.pprint(conn.recv(1024).split(b"\r\n"))
Server side
$ python ssl_server.py
---------------------
HEAD / HTTP/1.0
Host: linuxfr.org
---------------------
Client side
$ python ssl_client.py
{}
['']
$
In the future, we will experiment with SSL packet communication capture and replay. I would like to try to create a communication stub that works with SSL.
https://docs.python.org/2/library/ssl.html http://qiita.com/marcy-terui/items/2f63d7f170ff82531245
Recommended Posts