使用 SocketServer.TCPServer 通过 SSL 的 TCP 服务器
我想将 ssl 支持添加到基于 SocketServer.TCPServer 类的现有 TCP 服务器。 所以我覆盖了 TCPServer 类的默认构造函数并添加了 ssl.wrap_socket(...) 调用:
class MyTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
def __init__(self, server_address, RequestHandlerClass, bind_and_activate=True):
# See SocketServer.TCPServer.__init__
# (added ssl-support):
SocketServer.BaseServer.__init__(self, server_address,
RequestHandlerClass)
self.socket = ssl.wrap_socket(
socket.socket(self.address_family, self.socket_type),
server_side=True,
certfile='cert.pem'
)
if bind_and_activate:
self.server_bind()
self.server_activate()
启动服务器时,不会发生错误。 所以我修改了我的简单测试客户端来支持 ssl:同样
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock = ssl.wrap_socket(s)
sock.connect(('192.168.1.1', 54321))
没有发生错误,但连接调用被阻止。当使用 Ctrl+C 关闭客户端时,它显示以下内容:
Traceback (most recent call last):
File "exampleClient.py", line 10, in <module>
sock.do_handshake()
File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake
self._sslobj.do_handshake()
KeyboardInterrupt
因此 do_handshake 在连接时被阻塞。有谁知道如何解决这个问题?我只是想使用加密的 TCP 连接:)
i want to add ssl-support to an existing TCP-server which is based on the SocketServer.TCPServer class.
So i overrode the default constructor of the TCPServer class and added the ssl.wrap_socket(...)-call:
class MyTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
def __init__(self, server_address, RequestHandlerClass, bind_and_activate=True):
# See SocketServer.TCPServer.__init__
# (added ssl-support):
SocketServer.BaseServer.__init__(self, server_address,
RequestHandlerClass)
self.socket = ssl.wrap_socket(
socket.socket(self.address_family, self.socket_type),
server_side=True,
certfile='cert.pem'
)
if bind_and_activate:
self.server_bind()
self.server_activate()
When starting the server, no error occurrs.
So i modified my simple test-client to support ssl, too:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock = ssl.wrap_socket(s)
sock.connect(('192.168.1.1', 54321))
Again no error occurrs, but the connect-call is blocking. When closing the client using Ctrl+C it shows the following:
Traceback (most recent call last):
File "exampleClient.py", line 10, in <module>
sock.do_handshake()
File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake
self._sslobj.do_handshake()
KeyboardInterrupt
So the do_handshake is blocking when connecting. Does anyone knows how to fix the problem? I simply want to use an encrypted TCP-connection :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
握手被阻塞,因为您在绑定之后包装了套接字;套接字正在侦听新连接,尚无客户端接受您的连接。
改为在接受连接时包装套接字:
现在握手成功,因为另一端有一个客户端要与之握手。。
流处理程序不需要额外的工作; python
ssl库为您提供与socket.socket()具有相同接口的对象。您也可以提前包装套接字,但请推迟握手,直到您接受连接:
The handshake is blocking because you are wrapping the socket after binding; the socket is listening for new connections, there is no client yet to accept your connections.
Wrap the socket when accepting a connection instead:
Now the handshake succeeds because there is a client on the other side to shake hands with.
There is no additional work necessary for the stream handler; the python
ssllibrary gives you objects with the same interface assocket.socket().You can also wrap the socket early, but do postpone the handshake until you accept a connection:
好的,我找到了解决方案。现在我使用类似的东西
此使用 OpenSSL 包:
在 MyTCPServer-Constructor 内部:
在 StreamRequestHandler 的设置方法中:
这似乎工作正常:-)
Ok, i found a solution. Now i use something similar to
this using the OpenSSL-package:
Inside the MyTCPServer-Constructor:
And in the setup-method of the StreamRequestHandler:
This seems to work fine :-)
这是因为您必须在对 ssl.wrap_socket 的调用中设置
do_handshake_on_connect参数:来源:http://docs.python.org/library/ssl.html
That's because you have to set the
do_handshake_on_connectargument in your call to ssl.wrap_socket:Source: http://docs.python.org/library/ssl.html