M2Crypto https錯誤通過網卡代理與cac卡身份驗證

Question

我想通過cac卡身份驗證從魷魚代理後面發出https請求。加載opensc引擎並獲取證書和私鑰似乎工作正常。以下是追溯和代碼。

任何幫助，非常感謝。

回溯

Traceback (most recent call last): 
File "testM2Crypto.py", line 64, in <module> 
res = m2urllib2.urlopen(req) 
File "c:\Python27\lib\urllib2.py", line 135, in urlopen 
return _opener.open(url, data, timeout) 
File "c:\Python27\lib\urllib2.py", line 415, in open 
response = self._open(req, data) 
File "c:\Python27\lib\urllib2.py", line 433, in _open 
'_open', req) 
File "c:\Python27\lib\urllib2.py", line 387, in _call_chain 
result = func(*args) 
File "c:\Python27\lib\site-packages\M2Crypto\m2urllib2.py", line 94, in https_open 
h.request(req.get_method(), req.get_selector(), req.data, headers) 
File "c:\Python27\lib\httplib.py", line 963, in request 
self._send_request(method, url, body, headers) 
File "c:\Python27\lib\httplib.py", line 994, in _send_request 
self.putrequest(method, url, **skips) 
File "c:\Python27\lib\site-packages\M2Crypto\httpslib.py", line 140, in putrequest 
raise ValueError, "unknown URL type: %s" % url 
ValueError: unknown URL type: /index.asp?site=SomeSite 

代碼

from M2Crypto import httpslib, m2urllib2, m2, SSL, Engine 
import urllib2 

url = 'https://some.domain.com/index.asp?site=SomeSite' 

e = Engine.load_dynamic_engine("pkcs11", "c:/windows/syswow64/engine_pkcs11.dll") 
pk = Engine.Engine("pkcs11") 
pk.ctrl_cmd_string("MODULE_PATH", "c:/windows/syswow64/opensc-pkcs11.dll") 
m2.engine_init(m2.engine_by_id("pkcs11")) 

cert = e.load_certificate("slot_01-id_01") 
privatekey = e.load_private_key("slot_01-id_01") 

ctx = SSL.Context("sslv23") 
ctx.set_cipher_list("HIGH:!aNULL:!eNULL:@STRENGTH") 
ctx.set_session_id_ctx("foobar") 
m2.ssl_ctx_use_x509(ctx.ctx, cert.x509) 
m2.ssl_ctx_use_pkey_privkey(ctx.ctx, privatekey.pkey) 

proxy_support=urllib2.ProxyHandler({'https':'https://proxy:3128'}) 
opener = m2urllib2.build_opener(ctx, proxy_support) 
m2urllib2.install_opener(opener) 
req = m2urllib2.Request(url) 
res = m2urllib2.urlopen(req) 

Answer 1

我終於能昨日來解決這個問題。我不得不對代碼做一些修改。我還必須在M2Crypto庫中修正一個通過代理阻止https的錯誤（感謝來自redhat的MiloslavTrmač的補丁）。對於任何可能遇到類似問題的人來說，解決方案都是如此。希望這可以幫助。

代碼從紅帽的補丁

from M2Crypto import httpslib, m2urllib2, m2, SSL, Engine 
import urllib2 

userPin = "123456" 
rootCertPath = 'd:/path/to/rootCert.pem' 
url = 'https://some.domain.com/index.asp?site=SomeSite' 

e = Engine.load_dynamic_engine("pkcs11", "c:/windows/syswow64/engine_pkcs11.dll") 
pk = Engine.Engine("pkcs11") 
pk.ctrl_cmd_string("MODULE_PATH", "c:/windows/syswow64/opensc-pkcs11.dll") 
if len(userPin) > 0: pk.ctrl_cmd_string("PIN", userPin) 

m2.engine_init(m2.engine_by_id("pkcs11")) 

rootcert = X509.load_cert(rootCertPath) 
cert = e.load_certificate("slot_01-id_01") 
privatekey = e.load_private_key("slot_01-id_01") 

ctx = SSL.Context("sslv23") 
ctx.set_cipher_list("HIGH:!aNULL:!eNULL:@STRENGTH") 
ctx.set_session_id_ctx("foobar") 
ctx.load_verify_locations(cafile=rootcert) 
m2.ssl_ctx_use_x509(ctx.ctx, cert.x509) 
m2.ssl_ctx_use_pkey_privkey(ctx.ctx, privatekey.pkey) 

proxy_support=urllib2.ProxyHandler({'https':'https://proxy:3128'}) 
opener = m2urllib2.build_opener(ctx, proxy_support) 
m2urllib2.install_opener(opener) 
req = m2urllib2.Request(url) 
try: 
    res = m2urllib2.urlopen(req) 
    print '\nsuccess' 
except urllib2.HTTPError, err: 
    print '\nerror' 
    print 'err.code: '+str(err.code) 
    print 'err.reason: '+str(err.reason) 
    print 'err.read(): '+str(err.read()) 

由於米洛斯拉夫Trmač。我在以下網址找到了此修補程序，http://arm.koji.fedoraproject.org/koji/buildinfo?buildID=61225。

M2Crypto補丁

diff -urN M2Crypto/M2Crypto/httpslib.py M2Crypto-0.21.1/M2Crypto/httpslib.py 
--- M2Crypto/M2Crypto/httpslib.py 2012-03-15 03:27:22.181524406 +0100 
+++ M2Crypto-0.21.1/M2Crypto/httpslib.py 2012-03-15 03:27:40.467485033 +0100 
@@ -182,14 +182,14 @@ 
     else: 
      HTTPSConnection.putheader(self, header, value) 

- def endheaders(self): 
+ def endheaders(self, *args, **kwargs): 
     # We've recieved all of hte headers. Use the supplied username 
     # and password for authorization, possibly overriding the authstring 
     # supplied in the headers. 
     if not self._proxy_auth: 
      self._proxy_auth = self._encode_auth() 

-  HTTPSConnection.endheaders(self) 
+  HTTPSConnection.endheaders(self, *args, **kwargs) 

    def connect(self): 
     HTTPConnection.connect(self) 
diff -urN M2Crypto/M2Crypto/m2urllib2.py M2Crypto-0.21.1/M2Crypto/m2urllib2.py 
--- M2Crypto/M2Crypto/m2urllib2.py 2011-01-15 20:10:05.000000000 +0100 
+++ M2Crypto-0.21.1/M2Crypto/m2urllib2.py 2012-03-15 03:27:40.467485033 +0100 
@@ -64,8 +64,10 @@ 
     target_host = urlparse.urlparse(full_url)[1] 

     if (target_host != host): 
+   request_uri = urlparse.urldefrag(full_url)[0] 
      h = httpslib.ProxyHTTPSConnection(host = host, ssl_context = self.ctx) 
     else: 
+   request_uri = req.get_selector() 
      h = httpslib.HTTPSConnection(host = host, ssl_context = self.ctx) 
     # End our change 
     h.set_debuglevel(self._debuglevel) 
@@ -80,7 +82,7 @@ 
     # request. 
     headers["Connection"] = "close" 
     try: 
-   h.request(req.get_method(), req.get_selector(), req.data, headers) 
+   h.request(req.get_method(), request_uri, req.data, headers) 
      r = h.getresponse() 
     except socket.error, err: # XXX what error? 
      raise URLError(err)