How to add a verification mechanism to network communication: a simple Python 3 + ssl demo


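There are plenty of Java and C++ examples of this online; here is a simple Python one, so that beginners like me can apply and understand it. I recommend first reading the post I reposted, "OpenSSL basics + generating certificates + usage examples" [https://blog.csdn.net/m0_37329910/article/details/87886027], which helps with basic concepts such as SSL, certificates, private keys and public keys.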

Server program (server PC IP: 192.168.88.186):
It is really simple: a plain TCP socket that we wrap in an SSL shell:

from socket import socket, AF_INET, SOCK_STREAM
import ssl

KEYFILE = 'siyao_ca-key.pem'   # Private key of the server
CERTFILE = 'ca-cert.pem' # Server certificate (given to client)

def tell2client(s):
    while True:
        data = s.recv(8192)
        if data == b'':
            break
        s.send(data*3)
    s.close()
    print('Connection closed')

def start_server(address):
    s = socket(AF_INET, SOCK_STREAM)
    s.bind(address)
    s.listen(1)

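    # Wrap with an SSL layer. ssl.wrap_socket() was removed in Python 3.12,
    # so build an SSLContext. The server presents its own certificate; it
    # does not request one from the client.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    context.load_cert_chain(certfile=CERTFILE,  # certificate
                            keyfile=KEYFILE)    # server's private key
    s_ssl = context.wrap_socket(s, server_side=True)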
    # Wait for connections
    while True:
        try:
            c,a = s_ssl.accept()
            print('Got connection', c, a)
            tell2client(c)
        except Exception as e:
            print('{}: {}'.format(e.__class__.__name__, e))

start_server(('', 20000))

Client program:

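from socket import socket, AF_INET, SOCK_STREAM
import ssl
s = socket(AF_INET, SOCK_STREAM)

# ssl.wrap_socket() was removed in Python 3.12; use an SSLContext instead
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
# The certificate generated in this post has no subjectAltName for the
# server IP, so hostname checking is off, as it was with ssl.wrap_socket()
context.check_hostname = False
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations('ca-cert.pem')  # the client loads the certificate
s_ssl = context.wrap_socket(s)
s_ssl.connect(('192.168.88.186', 20000))
s_ssl.send(b'Hello World?')
print(s_ssl.recv())
s_ssl.close()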

Output:

Hello World?Hello World?

The programs are easy to follow, but many readers probably care more about how the certificate and key are generated.

Certificate generation

# RSA keys shorter than 2048 bits are rejected at OpenSSL security level 2
openssl genrsa -out siyao_ca-key.pem 2048
openssl req -new -out ca-req.csr -key siyao_ca-key.pem
openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey siyao_ca-key.pem -days 3650

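You need OpenSSL installed; then run the three commands above on the server. For the details asked along the way, just fill in what the openssl prompts request, preferably leaving nothing blank. Copy the generated certificate (ca-cert.pem, not the private key) to the client, and the socket communication gains a simple verification mechanism.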
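
The following is an added example, not code from the original post: it runs both sides of the exchange on the loopback address and shows that a client holding the certificate connects, while a client without it is rejected during the handshake. It assumes the openssl command (1.1.1 or later, for -addext) is on PATH; the function names, the 127.0.0.1 address and the one-day certificate with an IP subjectAltName (which lets the client keep hostname checking on) are choices made for this example.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_cert(workdir, ip="127.0.0.1"):
    """Create a self-signed cert whose subjectAltName covers `ip` (openssl CLI)."""
    key, cert = os.path.join(workdir, "key.pem"), os.path.join(workdir, "cert.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", cert, "-days", "1", "-subj", "/CN=demo",
                    "-addext", "subjectAltName=IP:" + ip],
                   check=True, capture_output=True)
    return key, cert

def serve_once(ctx, listener):
    """Accept one TCP connection, do the TLS handshake, echo one message."""
    conn, _ = listener.accept()
    try:
        with ctx.wrap_socket(conn, server_side=True) as tls:
            tls.sendall(tls.recv(1024))
    except OSError:  # includes ssl.SSLError: the client aborted the handshake
        pass

def try_client(port, cafile=None):
    """Connect with verification on; trust only `cafile` (nothing if None)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    if cafile:
        ctx.load_verify_locations(cafile)
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="127.0.0.1") as tls:
                tls.sendall(b"ping")
                return tls.recv(1024)
    except ssl.SSLCertVerificationError:
        return "rejected"

def demo():
    """Run the server twice: once for a client with the cert, once without."""
    with tempfile.TemporaryDirectory() as workdir:
        key, cert = make_cert(workdir)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(certfile=cert, keyfile=key)
        results = []
        for cafile in (cert, None):
            with socket.create_server(("127.0.0.1", 0)) as listener:
                worker = threading.Thread(target=serve_once, args=(server_ctx, listener))
                worker.start()
                results.append(try_client(listener.getsockname()[1], cafile))
                worker.join()
        return results

if __name__ == "__main__":
    print(demo())
```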

Reposted from blog.csdn.net/m0_37329910/article/details/88353048