Adding SSL Support to SocketServer

I have a server based on ThreadingTCPServer. Now I want to add SSL support to this server. Without SSL it works fine, but with SSLv3 I can't connect the client to the server; it always throws an exception: Error 111 Connection Refused. The error says that there is no SSL server on this port.

I added SSL support using an example I found here on Stack Overflow. Here is my code:

Server:

 class BeastServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
     # Threaded TCP server whose listening socket is replaced by a pyOpenSSL
     # SSL.Connection (snippet from the question; it is cut off at the end).
     def __init__(self, server_address, RequestHandlerClass, bind_and_activate=True):
         # BaseServer.__init__ is called directly instead of TCPServer.__init__,
         # so the standard library never creates, binds or listens on a socket.
         SocketServer.BaseServer.__init__(self, server_address, RequestHandlerClass)
         # NOTE(review): SSLv3 is obsolete and known-broken (POODLE); current
         # OpenSSL builds usually ship without it. Prefer a negotiated TLS method.
         ctx = SSL.Context(SSL.SSLv3_METHOD)
         cert = 'server.pem'
         key = 'key.pem'
         ctx.use_privatekey_file(key)
         ctx.use_certificate_file(cert)
         self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))
         if bind_and_activate:
             # Both calls are commented out in the posted snippet, so as shown the
             # socket is never bound or put into listening mode -- consistent with
             # the reported "Connection refused" on the client side.
             #self.server_bind()
             #self.server_a

Client:

 class Client(object):
     """Client side of the question: opens a verified SSL connection."""

     def verbinden(self, ip_):
         """Connect to ``ip_`` on port 10012 and return the wrapped socket.

         ("verbinden" is German for "connect".)
         """
         plain_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         # CERT_REQUIRED with ca_certs='server.pem' makes the server's own
         # certificate file the only trust anchor, so an unknown peer is rejected.
         # ssl.wrap_socket() does not check the host name against the certificate.
         # NOTE(review): PROTOCOL_SSLv3 is obsolete and insecure (POODLE); it is
         # kept only because this is the code as posted in the question.
         secure_sock = ssl.wrap_socket(
             plain_sock,
             ca_certs='server.pem',
             cert_reqs=ssl.CERT_REQUIRED,
             ssl_version=ssl.PROTOCOL_SSLv3,
         )
         endpoint = (ip_, 10012)
         secure_sock.connect(endpoint)
         return secure_sock

The key and certificate files were created using OpenSSL. I hope someone can tell me what the problem is.

thanks for the help

Regards Patrick

3 answers

Use only the standard library

Server side:

 from SocketServer import TCPServer, ThreadingMixIn, StreamRequestHandler
 import ssl


 class MySSL_TCPServer(TCPServer):
     """TCPServer that upgrades every accepted connection to TLS."""

     def __init__(self, server_address, RequestHandlerClass, certfile, keyfile,
                  ssl_version=ssl.PROTOCOL_TLSv1, bind_and_activate=True):
         """Create the listening socket and remember the TLS settings.

         certfile / keyfile: paths to the server certificate and private key.
         ssl_version: protocol constant handed to ssl.wrap_socket().
         NOTE(review): the default pins TLS 1.0, which is deprecated; pass a
         newer protocol constant where the Python/OpenSSL build offers one.
         """
         TCPServer.__init__(self, server_address, RequestHandlerClass,
                            bind_and_activate)
         self.certfile = certfile
         self.keyfile = keyfile
         self.ssl_version = ssl_version

     def get_request(self):
         """Accept one connection and return (tls_socket, client_address)."""
         raw_conn, peer_addr = self.socket.accept()
         # NOTE(review): wrap_socket() performs the handshake right here by
         # default. get_request() runs in the accept loop, before the request is
         # handed to a worker thread, so a client that stalls the handshake can
         # delay other connections -- consider a socket timeout.
         tls_conn = ssl.wrap_socket(
             raw_conn,
             server_side=True,
             certfile=self.certfile,
             keyfile=self.keyfile,
             ssl_version=self.ssl_version,
         )
         return tls_conn, peer_addr


 class MySSL_ThreadingTCPServer(ThreadingMixIn, MySSL_TCPServer):
     """Threaded variant: each request is handled in its own thread."""
     pass


 class testHandler(StreamRequestHandler):
     """Echo handler used for the demo below."""

     def handle(self):
         # Read at most 4096 bytes and send them straight back.
         received = self.connection.recv(4096)
         self.wfile.write(received)


 # test code: echo server on the loopback interface only
 demo_server = MySSL_ThreadingTCPServer(('127.0.0.1', 5151), testHandler,
                                        "cert.pem", "key.pem")
 demo_server.serve_forever()

Client side:

 import os
 import socket
 import ssl

 # Plain TCP socket, wrapped for TLS before connecting.
 tcp_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 # CERT_REQUIRED + ca_certs="cert.pem": the server certificate must chain to
 # (here: be) the certificate in cert.pem, otherwise the handshake fails.
 # ssl.wrap_socket() does not verify the host name.
 # NOTE(review): PROTOCOL_TLSv1 pins TLS 1.0, which is deprecated.
 tls_sock = ssl.wrap_socket(
     tcp_sock,
     ssl_version=ssl.PROTOCOL_TLSv1,
     cert_reqs=ssl.CERT_REQUIRED,
     ca_certs="cert.pem",
 )
 tls_sock.connect(('127.0.0.1', 5151))
 tls_sock.send('hello ~MySSL !')
 # The demo server echoes the message back.
 reply = tls_sock.recv(4096)
 print reply
 tls_sock.close()

works well


In fact, ssl from the standard library works fine; maybe the problem with the original code was that you did not tell the base class to skip binding and activating. See below a working example based on TCPServer. The certificate and key files are expected to be in the same directory as the script.

 import os
 import SocketServer


 class SSLTCPServer(SocketServer.TCPServer):
     """TCPServer whose listening socket is wrapped with ssl.wrap_socket()."""

     def __init__(self, server_address, RequestHandlerClass, bind_and_activate=True):
         """Set up the TLS listening socket; bind and listen if requested.

         The base class is told NOT to bind/activate (third argument False) so
         that the socket can be wrapped first; binding happens afterwards.
         """
         import ssl

         SocketServer.TCPServer.__init__(self, server_address, RequestHandlerClass, False)

         # Key and certificate are looked up next to this source file.
         base_dir = os.path.dirname(__file__)
         cert_path = os.path.join(base_dir, 'server.crt')
         key_path = os.path.join(base_dir, 'server.key')

         # cert_reqs=CERT_NONE: no certificate is requested from the peer, so
         # clients are not authenticated at the TLS layer.
         # NOTE(review): no ssl_version is given, so the library default applies;
         # with a wrapped listening socket the handshake presumably runs inside
         # accept() -- confirm for the Python version in use.
         self.socket = ssl.wrap_socket(
             self.socket,
             keyfile=key_path,
             certfile=cert_path,
             cert_reqs=ssl.CERT_NONE,
         )

         if not bind_and_activate:
             return
         self.server_bind()
         self.server_activate()

Install pyOpenSSL (the python-openssl package):

sudo aptitude install python-openssl

 from OpenSSL import SSL
 import socket
 import SocketServer


 class SSlSocketServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
     """Threaded TCP server listening on a pyOpenSSL SSL.Connection."""

     def __init__(self, server_address, RequestHandlerClass, bind_and_activate=True):
         """Build the SSL context, wrap a fresh socket, then bind and listen."""
         # BaseServer.__init__ is used on purpose: TCPServer.__init__ would
         # create (and possibly bind) a plain socket of its own.
         SocketServer.BaseServer.__init__(self, server_address, RequestHandlerClass)

         # NOTE(review): SSLv3 is obsolete and insecure (POODLE) and is often
         # compiled out of current OpenSSL; prefer a negotiated TLS method.
         tls_context = SSL.Context(SSL.SSLv3_METHOD)
         tls_context.use_privatekey_file('private_key.pem')
         tls_context.use_certificate_file('cert.pem')

         listener = socket.socket(self.address_family, self.socket_type)
         self.socket = SSL.Connection(tls_context, listener)

         if not bind_and_activate:
             return
         self.server_bind()
         self.server_activate()

     def shutdown_request(self, request):
         """Shut the connection down via the SSL.Connection's own shutdown()."""
         request.shutdown()


 class Decoder(SocketServer.StreamRequestHandler):
     """Handler that prints the first chunk a client sends."""

     def setup(self):
         """Attach buffered file objects directly to the SSL connection."""
         self.connection = self.request
         self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
         self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)

     def handle(self):
         """Read up to 4096 bytes and print them; report any error."""
         try:
             # The bytes come from the remote peer and are printed unmodified.
             payload = self.connection.recv(4096)
             print payload
         except Exception as err:
             print 'socket error', err


 def main():
     """Run the server on the loopback interface, port 9999."""
     SSlSocketServer(('127.0.0.1', 9999), Decoder).serve_forever()


 if __name__ == '__main__':
     main()

Now test the server:

 import socket

 tcp_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 tcp_sock.connect(('localhost', 9999))
 # socket.ssl() is the legacy Python 2 wrapper; it performs no certificate
 # verification, so the subject/issuer printed below are only what the peer
 # presented -- they are not proof of the server's identity.
 legacy_ssl = socket.ssl(tcp_sock)
 subject = legacy_ssl.server()
 print repr(subject)
 issuer = legacy_ssl.issuer()
 print repr(issuer)
 legacy_ssl.write('Hello secure socket\n')
 tcp_sock.close()