(Beginner) SSL socket communication

Introduction

I have never used SSL socket communication, so here is the result of the actual operation.

environment

OS X El Capitan Python 2.7.11 OpenSSL 0.9.8zh 14 Jan 2016

Preparation

Creating a certificate and public key

I created the certificate and public key with OpenSSL by referring to the following page. http://qiita.com/marcy-terui/items/2f63d7f170ff82531245

├── keys
│   ├── server.crt
│   ├── server.csr * Unused
│   └── server.key

Implementation

I created the code by referring to the following page. https://docs.python.org/2/library/ssl.html 17.3.5.2. Client-side processing 17.3.5.3. Server-side processing

ssl_server.py


import socket, ssl

URL = '127.0.0.1'
PORT = 10023

context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain(certfile="keys/server.crt", keyfile="keys/server.key")

bindsocket = socket.socket()
bindsocket.bind((URL, 10023))
bindsocket.listen(5)

def do_something(connstream, data):
    print '---------------------'
    print data + '\n'
    print '---------------------'
    print

def deal_with_client(connstream):
    data = connstream.read()
    # null data means the client is finished with us
    while data:
        if not do_something(connstream, data):
            # we'll assume do_something returns False
            # when we're finished with client
            break
        data = connstream.read()
    # finished with client

while True:
    newsocket, fromaddr = bindsocket.accept()
    connstream = context.wrap_socket(newsocket, server_side=True)
    try:
        deal_with_client(connstream)
    finally:
        connstream.shutdown(socket.SHUT_RDWR)
        connstream.close()

ssl_client.py


import ssl
import socket
import pprint

URL = '127.0.0.1'
PORT = 10023

context = ssl.create_default_context()
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.verify_mode = ssl.CERT_NONE 
context.check_hostname = False
conn = context.wrap_socket(socket.socket(socket.AF_INET),
           server_hostname=URL)
conn.connect((URL, PORT))
cert = conn.getpeercert()
pprint.pprint(cert)
conn.sendall(b"HEAD / HTTP/1.0\r\nHost: linuxfr.org\r\n\r\n")
pprint.pprint(conn.recv(1024).split(b"\r\n"))

result

Server side


$ python ssl_server.py 
---------------------
HEAD / HTTP/1.0
Host: linuxfr.org



---------------------

Client side


$ python ssl_client.py 
{}
['']
$

from now on

In the future, we will experiment with SSL packet communication capture and replay. I would like to try to create a communication stub that works with SSL.

reference

https://docs.python.org/2/library/ssl.html http://qiita.com/marcy-terui/items/2f63d7f170ff82531245

Recommended Posts

(Beginner) SSL socket communication
Socket communication with Python
TCP communication using Socket module-Python3
Socket communication with Python LEGO Mindstorms
Python3 socket module and socket communication flow
Socket communication and multi-thread processing by Python
Socket communication by C language and Python