当前位置: 文江博客话题详情

pyAMF 客户端在哪里(代码中的哪一点)接受 SSL 证书?

发布于 2024-08-18 22:33:46 字数 3056 浏览 3 评论 0原文

我已经设置了一个监听 SSL 端口的服务器。我能够连接到它,并且使用正确的凭据,我能够访问服务(在下面的示例中回显服务)

下面的代码工作正常,但我不明白客户端在哪一点接受证书< /b>

服务器:

import os.path
import logging
import cherrypy
from pyamf.remoting.gateway.wsgi import WSGIGateway

logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s %(levelname)-5.5s [%(name)s] %(message)s'
)

def auth(username, password):
    users = {"user": "pwd"}
    if (users.has_key(username) and users[username] == password):
            return True
    return False

def echo(data):
   return data

class Root(object):
    @cherrypy.expose
    def index(self):
            return "This is your main website"

gateway = WSGIGateway({'myservice.echo': echo,}, logger=logging, debug=True, authenticator=auth)

localDir = os.path.abspath(os.path.dirname(__file__))
CA = os.path.join(localDir, 'new.cert.cert')
KEY = os.path.join(localDir, 'new.cert.key')
global_conf = {'global': {'server.socket_port': 8443,
                      'environment': 'production',
                      'log.screen': True,
                      'server.ssl_certificate': CA,
                      'server.ssl_private_key': KEY}}

cherrypy.tree.graft(gateway, '/gateway/')
cherrypy.quickstart(Root(), config=global_conf)

客户端:

import logging
from pyamf.remoting.client import RemotingService

logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s %(levelname)-5.5s [%(name)s] %(message)s'
)

client = RemotingService('https://localhost:8443/gateway', logger=logging)
client.setCredentials('user', 'pwd')

service = client.getService('myservice')
print service.echo('Echo this')

现在,当我运行此命令时,它运行 OK,客户端日志如下:行

2010-01-18 00:50:56,323 INFO  [root] Connecting to https://localhost:8443/gateway
2010-01-18 00:50:56,323 DEBUG [root] Referer: None
2010-01-18 00:50:56,323 DEBUG [root] User-Agent: PyAMF/0.5.1
2010-01-18 00:50:56,323 DEBUG [root] Adding request myservice.echo('Echo this',)
2010-01-18 00:50:56,324 DEBUG [root] Executing single request: /1
2010-01-18 00:50:56,324 DEBUG [root] AMF version: 0
2010-01-18 00:50:56,324 DEBUG [root] Client type: 0
2010-01-18 00:50:56,326 DEBUG [root] Sending POST request to /gateway
2010-01-18 00:50:56,412 DEBUG [root] Waiting for response...
2010-01-18 00:50:56,467 DEBUG [root] Got response status: 200
2010-01-18 00:50:56,467 DEBUG [root] Content-Type: application/x-amf
2010-01-18 00:50:56,467 DEBUG [root] Content-Length: 41
2010-01-18 00:50:56,467 DEBUG [root] Server: PyAMF/0.5.1 Python/2.5.2
2010-01-18 00:50:56,467 DEBUG [root] Read 41 bytes for the response
2010-01-18 00:50:56,468 DEBUG [root] Response: <Envelope amfVersion=0 clientType=0>
 (u'/1', <Response status=/onResult>u'Echo this'</Response>)
</Envelope>
2010-01-18 00:50:56,468 DEBUG [root] Removing request: /1
Echo this

2010-01-18 00:50:56,467 DEBUG [root]读取 41 个字节的响应 看起来很可疑,因为响应太短(证书约为 1K),并且我希望证书传输位于调试日志中。

问题:客户端什么时候接受证书?默认情况下它会存储在哪里?哪个配置参数设置默认位置?

原文

I've set up a server listening on an SSL port. I am able to connect to it and with proper credentials I am able to access the services (echo service in the example below)

The code below works fine, but I don't understand at which point the client accepts the certificate

Server:

import os.path
import logging
import cherrypy
from pyamf.remoting.gateway.wsgi import WSGIGateway

logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s %(levelname)-5.5s [%(name)s] %(message)s'
)

def auth(username, password):
    users = {"user": "pwd"}
    if (users.has_key(username) and users[username] == password):
            return True
    return False

def echo(data):
   return data

class Root(object):
    @cherrypy.expose
    def index(self):
            return "This is your main website"

gateway = WSGIGateway({'myservice.echo': echo,}, logger=logging, debug=True, authenticator=auth)

localDir = os.path.abspath(os.path.dirname(__file__))
CA = os.path.join(localDir, 'new.cert.cert')
KEY = os.path.join(localDir, 'new.cert.key')
global_conf = {'global': {'server.socket_port': 8443,
                      'environment': 'production',
                      'log.screen': True,
                      'server.ssl_certificate': CA,
                      'server.ssl_private_key': KEY}}

cherrypy.tree.graft(gateway, '/gateway/')
cherrypy.quickstart(Root(), config=global_conf)

Client:

import logging
from pyamf.remoting.client import RemotingService

logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s %(levelname)-5.5s [%(name)s] %(message)s'
)

client = RemotingService('https://localhost:8443/gateway', logger=logging)
client.setCredentials('user', 'pwd')

service = client.getService('myservice')
print service.echo('Echo this')

Now, when I run this, it runs OK, the client log is below:

2010-01-18 00:50:56,323 INFO  [root] Connecting to https://localhost:8443/gateway
2010-01-18 00:50:56,323 DEBUG [root] Referer: None
2010-01-18 00:50:56,323 DEBUG [root] User-Agent: PyAMF/0.5.1
2010-01-18 00:50:56,323 DEBUG [root] Adding request myservice.echo('Echo this',)
2010-01-18 00:50:56,324 DEBUG [root] Executing single request: /1
2010-01-18 00:50:56,324 DEBUG [root] AMF version: 0
2010-01-18 00:50:56,324 DEBUG [root] Client type: 0
2010-01-18 00:50:56,326 DEBUG [root] Sending POST request to /gateway
2010-01-18 00:50:56,412 DEBUG [root] Waiting for response...
2010-01-18 00:50:56,467 DEBUG [root] Got response status: 200
2010-01-18 00:50:56,467 DEBUG [root] Content-Type: application/x-amf
2010-01-18 00:50:56,467 DEBUG [root] Content-Length: 41
2010-01-18 00:50:56,467 DEBUG [root] Server: PyAMF/0.5.1 Python/2.5.2
2010-01-18 00:50:56,467 DEBUG [root] Read 41 bytes for the response
2010-01-18 00:50:56,468 DEBUG [root] Response: <Envelope amfVersion=0 clientType=0>
 (u'/1', <Response status=/onResult>u'Echo this'</Response>)
</Envelope>
2010-01-18 00:50:56,468 DEBUG [root] Removing request: /1
Echo this

The line 2010-01-18 00:50:56,467 DEBUG [root] Read 41 bytes for the response looks suspicious, since the response is too short (the certificate is ~1K) and I'd expect the cert transfer to be in the debug log.

Question: At which point does the client accept the certificate? Where would it be stored by default? Which config parameter sets the default location?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

此岸叶落 2024-08-25 22:33:46

PyAMF 在底层使用 httplib 来支持远程处理请求。通过 https:// 连接时,httplib.HTTPSConnection 用作RemotingServiceconnection 属性。

它在文档中指出(参考 HTTPSConnection):

注意:这不会进行任何证书验证

因此,在回答您的问题时,即使您向 connection 提供 key_file/cert_file 参数,证书基本上也会被忽略代码>.

实际的忽略是在调用 connect 方法时完成的 - 当实际向网关发出请求时。

[root] 向 /gateway 发送 POST 请求

读取响应的 41 字节 是未加密的 http 响应长度。

此答案可能不包含您需要的所有信息,但应该以某种方式解释您所看到的行为。

PyAMF uses httplib under the hood to power the remoting requests. When connecting via https://, httplib.HTTPSConnection is used as the connection attribute to the RemotingService.

It states in the docs that (in reference to HTTPSConnection):

Note: This does not do any certificate verification

So, in answer to your question certificates are basically ignored, even if you supply key_file/cert_file arguments to connection.

The actual ignoring is done when the connect method is called - when the request is actually made to the gateway ..

[root] Sending POST request to /gateway

The Read 41 bytes for the response is the unencrypted http response length.

This answer may not contain all the info you require but should go some way to explaining the behaviour you're seeing.

回复 原文
~没有更多了~

关于作者

雪花飘飘的天空

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文