2017-01-18 99 views
0

Python client cannot pass keyfile to wrap_socket()

I have an SSL socket server written in C and hosted on an AWS instance running RHEL. The server is currently using a self-signed certificate, and I'm trying to connect to it with a Python client. When I try to specify the public key to use, I get the following error:

TypeError: wrap_socket() got an unexpected keyword argument 'keyfile' 

Minimal client code:

#!/bin/python

import socket
import ssl
import pprint  # needed for pprint.pprint() below
# Host is the public domain name of an AWS instance
HOST = "some.host.amazonaws.com"
# Create context
con = ssl.create_default_context()
# Wrap socket with ssl context (keyfile= here is what raises the TypeError above)
soc = con.wrap_socket(socket.socket(socket.AF_INET), keyfile="pubkey.pem", server_hostname=HOST)
# Connect to host
soc.connect((HOST, 8615))
# Get and print the host cert
cert = soc.getpeercert()
pprint.pprint(cert)

The Python documentation says I can specify keyfile/certfile, so I'm confused as to why this is failing.

If I remove keyfile="pubkey.pem", the certificate cannot be verified:

ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) 

I don't believe it's the server; I hit it with s_client first and got the following output:

CONNECTED(00000003) 
depth=0 /C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/[email protected] 
verify error:num=18:self signed certificate 
verify return:1 
depth=0 /C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/[email protected] 
verify return:1 
--- 
Certificate chain 
0 s:/C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/[email protected] 
    i:/C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/[email protected] 
--- 
Server certificate 
-----BEGIN CERTIFICATE----- 
MIIF5DCCA8wCCQCX0+FHHC2zZjANBgkqhkiG9w0BAQUFADCBszELMAkGA1UEBhMC 
QVUxETAPBgNVBAgMCFZpY3RvcmlhMQ8wDQYDVQQHDAZTeWRuZXkxDzANBgNVBAoM 
BnBzZC1pdDELMAkGA1UECwwCSVQxPzA9BgNVBAMMNmVjMi01NC0yMDYtMTMtMTgy 
LmFwLXNvdXRoZWFzdC0yLmNvbXB1dGUuYW1hem9uYXdzLmNvbTEhMB8GCSqGSIb3 
DQEJARYSdHJpc3RhbkBwc2QtaXQuY29tMB4XDTE3MDExNzA5MTIxOFoXDTE4MDEx 
NzA5MTIxOFowgbMxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTEPMA0G 
A1UEBwwGU3lkbmV5MQ8wDQYDVQQKDAZwc2QtaXQxCzAJBgNVBAsMAklUMT8wPQYD 
VQQDDDZlYzItNTQtMjA2LTEzLTE4Mi5hcC1zb3V0aGVhc3QtMi5jb21wdXRlLmFt 
YXpvbmF3cy5jb20xITAfBgkqhkiG9w0BCQEWEnRyaXN0YW5AcHNkLWl0LmNvbTCC 
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALWfyQ6aOEoZ3mq1iwBXfdoh 
TrFcv3shoCmCUJ4tdahaez4z81nDp8LNpqNPY+N3Ux18vEElNz49jXA/MGTXnSgE 
1SCSfUHcGnK+AlR2uXIYjbqD3AmJ7nQBPqJ1NEdMzm2iYVpG38NAfFYTH3uwhef3 
Wxkc6Vus5DV6lx+9iOLAyspuicmrthfW9AJV/+bxX8Ewo4pDcQ8y9oZmcPqu9EBK 
4noLEXKcS/w+iCgYAve65E7JQWJiLHeVM16sHfTBBzyr98Qc8HhNTOCaQ7iQ4VGW 
VltIlV5Uu+bBQCckeRoARVLpLYEEvS8J9sictrw4G9fIEgTxDE4zwQZymDLo65jj 
LulGZJ3rc7kQbj23Ycn99R2+jvgqJcJ2GMo6kjmvCg5i/cIE703DDF/QaZXHDJKb 
S/g5eMaXskBURlmGTH8xnbETJ7d46pyzDZQzTI2qVa41qxROqTYN3CUM4eLY1vUc 
iK7gNvmM6dxqsB6qrdQwqTfESbm4R1dvqGhsvhyLc+SGMTLmTHZFgMs2KJkblSRM 
2rs7uP9mwkkJNz6IF57ek0WZX6x+vlC1akJMjhwx1hf3LL+cmzOV2lPvMc8hwgg0 
8zwAxwdWgPd1W7hfW+OZ8JmErsChkT4Ogc1ZG/j+jyVY6hiwxyJVc3ej1ml/eMmX 
jtwf64TwWp7G9nxaBcUlAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBACVYBVAXihWK 
0QJ3EHVixT/HVByVAvowgEJLZLtI6MpJBC93a6HT67KvDc8blXgqgSfm08B0ynzX 
P5Roav5+JAHKlnM9glaPdto13ULhIYxmtSycuoInxBAII5Pfm3DZHO/Sj/oNx6+1 
hHR5wgfP5sjbUon2lh5BRJs8B0dhDjBPbX3D2UcNOhUWBYfVxUoyyqDBAJi7Ephz 
7E6XRZqLFdJluWd7FH3DkbKRkY8yPKPBmIz62lEFc097U6TTl56HMiCrLTcKNzrm 
LmQhkhjsqML5UIGUt4M2bmqmoRn/vqzeVBbMjb/eNtudOjQm2pfIX8L8r3daJbyY 
96MFXqiyBe+kCV3GrKE+UWXpcyFaQi293piD6G1OyVmlb69fBQGsnVK2yCJcDcbG 
/q7gy1olNhChRzr244Fv4HK5jrh+yBnmAuSyxhyuC3OthQJTCfFOVcciv+rOYPjV 
6CQn5KLNta8MVr7C/jwQfNGY3GbHCTgI1elhI0TfqmXzCF1g60Hhjq6lj8KIUI0g 
tyu7UQv3MqUxQ3eR76QYfYrupZAecfTdpIflgtd4Mgv8tc+YFOf3hUKCKRw1Zo1/ 
FZbK5PuqcEF8Wo2NH8+d/pFIm9Rb5nILPvAIddYsGe/Ddjw/wJrKl2NTo3BNBlMB 
sOE+5xE1MIAryL/LDrtNJsOSzB9RwFzc 
-----END CERTIFICATE----- 
subject=/C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/[email protected] 
issuer=/C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/[email protected] 
--- 
No client certificate CA names sent 
--- 
SSL handshake has read 1681 bytes and written 712 bytes 
--- 
New, TLSv1/SSLv3, Cipher is AES256-SHA 
Server public key is 4096 bit 
Secure Renegotiation IS supported 
Compression: NONE 
Expansion: NONE 
SSL-Session: 
    Protocol : TLSv1 
    Cipher : AES256-SHA 
    Session-ID: 3D393B247FDA6BCDC933047DCC70FA60BEC8DB0D493DEB86BB15B70C0BD025BF 
    Session-ID-ctx: 
    Master-Key: 61A6A039398F326940A24165EB803A49DBA7128C4C3EB23C416111B1BF4571B79BE69FBBD755CDB8E81BBB8799FC93EC 
    Key-Arg : None 
    Start Time: 1484711374 
    Timeout : 300 (sec) 
    Verify return code: 18 (self signed certificate) 
--- 
test 
read:errno=0 

It seems the client certificate is not being sent to the server. Is there a way to specify the public key when creating the connection that I'm missing?

Any help is greatly appreciated!

Answer

1

TypeError: wrap_socket() got an unexpected keyword argument 'keyfile'

There is no keyfile argument when calling context.wrap_socket(...). There is a keyfile argument when calling ssl.wrap_socket(...). The reason is that the context should be created with the keyfile if needed, whereas ssl.wrap_socket(...) creates a new context.

For details see the documentation of context.wrap_socket and the documentation of ssl.wrap_socket.

+0

Thanks for the help. I had to call load_verify_locations("/path/to/root/rootCA.pem") rather than 'load_default_certs()', not sure why though, since it's installed in the keychain (macOS)! Thanks again :) – PSD

+1

@PSD: Python does not use the keychain on Mac OS X. –
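To tie the answer and the comment thread together: the key material goes on the SSLContext (load_verify_locations() for the self-signed server certificate or private root CA, load_cert_chain() for an optional client certificate and its private key), and SSLContext.wrap_socket() is then called with only the socket and server_hostname. The block below is an added example, not code from the asker or the answerer; HOST, PORT and every file path are placeholders, and nothing is sent over the network unless connect_and_get_peer_cert() is called explicitly. It also reproduces the TypeError from the question so the two APIs can be told apart programmatically.

```python
#!/usr/bin/env python3
"""Client-side TLS setup with ssl.SSLContext (Python 3).

Added example for this thread, not the asker's or answerer's code.
HOST, PORT and all file paths are placeholders (assumptions).
"""
import socket
import ssl
from typing import Optional

# Placeholder endpoint mirroring the question's constants (assumption).
HOST = "some.host.amazonaws.com"
PORT = 8615


def make_client_context(cafile: Optional[str] = None,
                        certfile: Optional[str] = None,
                        keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Build a client context; key material belongs here, not on wrap_socket().

    cafile    PEM file holding the certificate(s) this client should trust.
              For a self-signed server certificate that is the server cert
              itself (or the private root CA that issued it), loaded with
              load_verify_locations(), which is what fixed the CERTIFICATE_VERIFY_FAILED
              error in the comment thread.
    certfile/keyfile  optional client certificate and its *private* key, only
              needed if the server requests client authentication. These are
              the arguments ssl.wrap_socket() used to accept directly; with a
              context they go through load_cert_chain().
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # create_default_context() already sets CERT_REQUIRED and check_hostname.
    # Trusting the self-signed cert explicitly keeps both switched on.
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)
    if certfile is not None:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Return the verification settings so they can be checked programmatically."""
    return {
        "verify_mode": ctx.verify_mode.name,   # e.g. "CERT_REQUIRED"
        "check_hostname": ctx.check_hostname,
    }


def keyfile_on_context_wrap_is_rejected() -> str:
    """Reproduce the TypeError from the question and return its message.

    SSLContext.wrap_socket() has no keyfile/certfile parameters at all; only
    the module-level ssl.wrap_socket() (deprecated, removed in Python 3.12) had them.
    """
    ctx = make_client_context()
    with socket.socket(socket.AF_INET) as raw:
        try:
            ctx.wrap_socket(raw, keyfile="pubkey.pem", server_hostname=HOST)
        except TypeError as exc:
            return str(exc)
    return ""


def connect_and_get_peer_cert(ctx: ssl.SSLContext, host: str, port: int) -> dict:
    """Connect with SNI and hostname checking, return the verified peer cert.

    Network call; not exercised by the offline checks. A handshake failure
    raises ssl.SSLError (e.g. CERTIFICATE_VERIFY_FAILED) instead of returning.
    """
    raw = socket.create_connection((host, port))
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        return tls.getpeercert()


if __name__ == "__main__":
    print(describe_context(make_client_context()))
    print(keyfile_on_context_wrap_is_rejected())
    # Against a real server with a self-signed certificate (placeholder path):
    # ctx = make_client_context(cafile="/path/to/root/rootCA.pem")
    # print(connect_and_get_peer_cert(ctx, HOST, PORT))
```

The design point is that `keyfile` on the old `ssl.wrap_socket()` was never a way to trust the server's public key: it names the client's own private key for client authentication. Trust in a self-signed server certificate is expressed by adding that certificate (or its issuing private CA) to the context's verify locations, which leaves hostname checking and `CERT_REQUIRED` intact; the same file passed to `openssl s_client -CAfile` turns the `Verify return code: 18 (self signed certificate)` line in the question into a successful verification, which is a quick way to confirm the right PEM is being used.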
