I'm using macOS Ventura and PyCharm and trying to establish a connection between a Twisted server and client with TLS, following this guide: TLS server with client authentication via client certificate verification. So I created a self-signed certificate as in this example with:
openssl req -x509 -newkey rsa:4096 -days 365 -nodes -keyout ca-key.pem -out ca-cert.pem -subj "/C=/ST=/L=/O=/OU=/CN=*.example.com/emailAddress="
openssl req -newkey rsa:4096 -nodes -keyout server-key.pem -out server-req.pem -subj "/C=/ST=/L=/O=/OU=/CN=*.example.com/emailAddress="
openssl x509 -req -in server-req.pem -days 60 -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile server-ext.cnf
server-ext.cnf contains:
subjectAltName=DNS:*.example.com,IP:0.0.0.0
openssl verify -CAfile ca-cert.pem server-cert.pem returns OK.
I concatenated server-key.pem and server-cert.pem into server.pem and renamed server-cert.pem to public.pem.
For the server I run this:
#!/usr/bin/env python
# Copyright (c) Twisted Matrix Laboratories.
# See LICENSE for details.
import sys
from twisted.internet import ssl, protocol, task, defer
from twisted.python import log
from twisted.python.modules import getModule
import echoserv

def main(reactor):
    log.startLogging(sys.stdout)
    # public.pem: the certificate that client certificates must chain to
    certData = getModule(__name__).filePath.sibling('public.pem').getContent()
    # server.pem: the server's own private key and certificate, in one file
    authData = getModule(__name__).filePath.sibling('server.pem').getContent()
    authority = ssl.Certificate.loadPEM(certData)
    certificate = ssl.PrivateCertificate.loadPEM(authData)
    factory = protocol.Factory.forProtocol(echoserv.Echo)
    # options(authority) requires a client certificate verified against authority
    reactor.listenSSL(8000, factory, certificate.options(authority))
    return defer.Deferred()

if __name__ == '__main__':
    import ssl_clientauth_server
    task.react(ssl_clientauth_server.main)
and for the client:
#!/usr/bin/env python
# Copyright (c) Twisted Matrix Laboratories.
# See LICENSE for details.
from twisted.internet import ssl, task, protocol, endpoints, defer
from twisted.python.modules import getModule
import echoclient

@defer.inlineCallbacks
def main(reactor):
    factory = protocol.Factory.forProtocol(echoclient.EchoClient)
    # public.pem: the certificate the server's certificate must chain to
    certData = getModule(__name__).filePath.sibling('public.pem').getContent()
    # server.pem: private key and certificate presented as the client certificate
    authData = getModule(__name__).filePath.sibling('server.pem').getContent()
    clientCertificate = ssl.PrivateCertificate.loadPEM(authData)
    authority = ssl.Certificate.loadPEM(certData)
    # the first argument is the host name checked against the server certificate
    options = ssl.optionsForClientTLS(u'example.com', authority,
                                      clientCertificate)
    endpoint = endpoints.SSL4ClientEndpoint(reactor, 'localhost', 8000,
                                            options)
    echoClient = yield endpoint.connect(factory)
    done = defer.Deferred()
    # echoClient.connectionLost = lambda reason: done.callback(None)
    echoClient.connectionLost = lambda reason: done.callback(reason)
    yield done

if __name__ == '__main__':
    import ssl_clientauth_client
    task.react(ssl_clientauth_client.main)
The server code works fine, but the client code raises this error: OpenSSL.SSL.Error: [('SSL routines', '', 'certificate verify failed')]
I tried the steps from this Answer: installed openssl via Homebrew, installed certifi, exported SSL_CERT_FILE="$(python -m certifi)", and installed service_identity, but so far none of it has helped.
I'm stuck at this point and would really appreciate any help. Thank you! I expect to establish a connection between the server and the client using TLS.
After recreating the key/certificate with:
openssl req \
    -newkey rsa:2048 -nodes -keyout domain.key \
    -x509 -days 365 -out domain.crt
the error OpenSSL.SSL.Error: [('SSL routines', '', 'certificate verify failed')] went away.
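The certificates generated above are what Twisted verifies the peer against: on the server, `certificate.options(authority)` demands a client certificate that chains to `authority`; on the client, `optionsForClientTLS(hostname, authority, clientCertificate)` checks that the server certificate chains to `authority` and is valid for `hostname`. The script below is an added example, not code from the question or from Twisted. It builds a small two-tier PKI with `openssl`: a self-signed CA, a server certificate with a subjectAltName, a separate client certificate, the key+cert bundles that `PrivateCertificate.loadPEM()` expects, and `openssl verify` checks that mirror what the TLS stack does at handshake time, including two negative checks (a bare domain against a wildcard SAN, and a leaf certificate used as its own trust anchor). The CA name, the `localhost` / `*.example.com` / `127.0.0.1` SANs, the file names, and OpenSSL 1.1 or newer on PATH (the Homebrew package, not the LibreSSL build that macOS ships as `openssl`) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the question or from Twisted: a minimal two-tier
# PKI for mutual TLS, checked with the same rules the TLS stack applies.
# Assumed: OpenSSL 1.1 or newer on PATH; the server is reached as
# localhost / 127.0.0.1 or as a host under *.example.com.
set -eu

# Create CA, server and client key pairs and certificates under directory $1.
make_pki() (
    mkdir -p "$1"
    cd "$1"

    # 1. The CA: self-signed and explicitly marked CA:TRUE. Its certificate
    #    is the only "authority" either side of the connection needs.
    cat > ca-ext.cnf <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
    openssl req -newkey rsa:2048 -nodes -keyout ca-key.pem \
        -out ca-req.pem -subj "/CN=Example Echo CA" 2>/dev/null
    openssl x509 -req -in ca-req.pem -signkey ca-key.pem -days 365 \
        -extfile ca-ext.cnf -out ca-cert.pem

    # 2. The server: SAN entries are comma separated, and the name passed to
    #    optionsForClientTLS() must match one of them.
    cat > server-ext.cnf <<'EOF'
subjectAltName=DNS:localhost,DNS:*.example.com,IP:127.0.0.1
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
EOF
    openssl req -newkey rsa:2048 -nodes -keyout server-key.pem \
        -out server-req.pem -subj "/CN=localhost" 2>/dev/null
    openssl x509 -req -in server-req.pem -days 60 -CA ca-cert.pem \
        -CAkey ca-key.pem -CAcreateserial -extfile server-ext.cnf \
        -out server-cert.pem

    # 3. The client: its own key pair, signed by the same CA and restricted
    #    to client authentication.
    cat > client-ext.cnf <<'EOF'
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=clientAuth
EOF
    openssl req -newkey rsa:2048 -nodes -keyout client-key.pem \
        -out client-req.pem -subj "/CN=echo-client" 2>/dev/null
    openssl x509 -req -in client-req.pem -days 60 -CA ca-cert.pem \
        -CAkey ca-key.pem -CAcreateserial -extfile client-ext.cnf \
        -out client-cert.pem

    # PrivateCertificate.loadPEM() expects key and certificate in one file.
    cat server-key.pem server-cert.pem > server.pem
    cat client-key.pem client-cert.pem > client.pem
)

# Succeeds when server-cert.pem chains to ca-cert.pem, is usable as a TLS
# server certificate and is valid for host name $2.
verify_server() {
    openssl verify -CAfile "$1/ca-cert.pem" -purpose sslserver \
        -verify_hostname "$2" "$1/server-cert.pem" >/dev/null 2>&1
}

# Succeeds when client-cert.pem chains to ca-cert.pem and may be used for
# client authentication.
verify_client() {
    openssl verify -CAfile "$1/ca-cert.pem" -purpose sslclient \
        "$1/client-cert.pem" >/dev/null 2>&1
}

# Verifies the server certificate against itself, which is what loading a
# copy of server-cert.pem as the "authority" amounts to. A certificate that
# is not self-signed cannot anchor its own chain (OpenSSL only allows that
# with -partial_chain), so this returns non-zero.
verify_against_self() {
    openssl verify -CAfile "$1/server-cert.pem" "$1/server-cert.pem" \
        >/dev/null 2>&1
}

# Usage: sh mtls_pki.sh ./pki
if [ $# -gt 0 ]; then
    make_pki "$1"
    verify_server "$1" localhost && echo "server cert: valid for localhost"
    verify_server "$1" example.com || echo "server cert: not valid for example.com (a wildcard covers exactly one label)"
    verify_client "$1" && echo "client cert: valid for client authentication"
    verify_against_self "$1" || echo "server cert: cannot act as its own trust anchor; load ca-cert.pem instead"
fi
```

Run it as `sh mtls_pki.sh ./pki`, then point both Twisted scripts at `pki/ca-cert.pem` as the authority, give the server `pki/server.pem`, give the client `pki/client.pem`, and pass `optionsForClientTLS()` a name that one of the SANs actually covers (`localhost` or `echo.example.com`; `*.example.com` does not match the bare `example.com`). The `openssl verify` calls are worth running before starting either process, because they report the same chain and host-name failures that otherwise surface only as `certificate verify failed`.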