2012-09-18
3

"No shared cipher" error with Python and OpenSSL

Server:

#!/usr/bin/env python

import SocketServer
import json
from OpenSSL import SSL
import os
import socket

TERMINATION_STRING = "Done"

CERTIFICATE_PATH = os.getcwd() + '/CA/certs/01.pem'
KEY_PATH = os.getcwd() + '/CA/private/key.pem'
CA_PATH = os.getcwd() + '/CA/cacert.pem'
print CA_PATH

def verify_cb(conn, cert, errnum, depth, ok):
    print('Got cert: %s' % cert.get_subject())
    return ok

class SSLThreadingTCPServer(SocketServer.ThreadingTCPServer):
    def __init__(self, address, handler):
        # Let the base class create the plain socket without binding it;
        # the SSL-wrapped socket is bound and activated below instead.
        SocketServer.ThreadingTCPServer.__init__(self, address, handler,
                                                 bind_and_activate=False)

        ctx = SSL.Context(SSL.SSLv23_METHOD)
        ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

        ctx.use_privatekey_file(KEY_PATH)
        ctx.use_certificate_file(CERTIFICATE_PATH)
        ctx.load_verify_locations(CA_PATH)

        self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))
        self.socket.set_accept_state()

        self.server_bind()
        self.server_activate()

        print "Serving:", address[0], "on port:", address[1]


class MemberUpdateHandler(SocketServer.StreamRequestHandler):
    def setup(self):
        self.connection = self.request
        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)

        print self.client_address, "connected"

    def handle(self):
        data = ""
        while True:
            data += self.request.recv(1024).encode('utf-8').strip
            if data[-4:] == "Done":
                print "Done"
                break

            dataStrings = data.split(' ')
            for item in dataStrings:
                print item

if __name__ == "__main__":
    ADDRESS = 'localhost'
    PORT = 42424
    HOST = (ADDRESS, PORT)

    s = SSLThreadingTCPServer(HOST, MemberUpdateHandler)
    s.serve_forever()

Error on the server side:

Error: [('SSL routines', 'SSL3_GET_CLIENT_HELLO', 'no shared cipher')] 

Client:

#!/usr/bin/env python 

from OpenSSL import SSL 
import socket 
import os 

HOST = 'localhost' 
PORT = 42424 
ADDRESS = (HOST, PORT) 

CERTIFICATE_FILE = os.getcwd() + '/CA/certs/02.pem' 
KEY_PATH = os.getcwd() + '/CA/clientKey.pem' 
CA_PATH = os.getcwd() + '/CA/cacert.pem' 

def verify_cb(conn, cert, errnum, depth, ok): 
    print('Got cert: %s' % cert.get_subject()) 
    return ok 

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 

ctx = SSL.Context(SSL.SSLv23_METHOD) 
ctx.set_verify(SSL.VERIFY_PEER, verify_cb) 
ctx.use_certificate_file(CERTIFICATE_FILE) 
ctx.use_privatekey_file(KEY_PATH) 
ctx.load_verify_locations(CA_PATH) 

sslSock = SSL.Connection(ctx, sock) 
sslSock.connect(ADDRESS) 

items = "this is a test Done" 

sslSock.sendall(items) 

sslSock.close() 

Error on the client side:

OpenSSL.SSL.Error: [('SSL routines', 'SSL23_GET_SERVER_HELLO', 'sslv3 alert handshake failure')] 

I have a feeling I'm missing something simple, but I haven't been able to pin it down. I've found several questions like mine in various places, but none of them were answered. I'm new to network programming and would appreciate any help.

Using Ubuntu 10.04 and Python 2.6

Answers

1

One error is:

data += self.request.recv(1024).encode('utf-8').strip 

which gives me:

TypeError: cannot concatenate 'str' and 'builtin_function_or_method' objects 

It should be:

data += self.request.recv(1024).encode('utf-8').strip() 

With that change the example works for me:

Got cert: <X509Name object '/C=IT/ST=XXX/L=YYY/O=ZZZ/OU=NNN/CN=CA'> 
Got cert: <X509Name object '/C=IT/ST=XXX/L=YYY/O=ZZZ/OU=NNN/CN=Server'> 

Tested on a stock Ubuntu 10.04 server with the packages installed from apt-get:

python-openssl  0.10-1
openssl         0.9.8k-7ubuntu8
python          2.6.5-0ubuntu1

You should check your certificates/CA, or test the server with one of the simple scripts that list the available ciphers: https://superuser.com/questions/109213/is-there-a-tool-that-can-test-what-ssl-tls-cipher-suites-a-particular-website-of

Update 2:

To rule out problems with the certificates you can generate a CA and server/client certificates as described at http://acs.lbl.gov/~boverhof/openssl_certs.html

+0

I ran that script and it says my server has no ciphers. Does that mean OpenSSL doesn't have any available? Is this a compile-time thing? – Lunchbox

+1

Very strange... are you using some custom (hand-compiled) packages? You should dig deeper, or try regenerating the CA and server/client certificates and test them with openssl. – pr0gg3d

+0

I'll do that. Thanks. – Lunchbox

2

Try changing the order to:

... 
ctx.use_certificate_file(CERTIFICATE_PATH) 
ctx.use_privatekey_file(KEY_PATH) 
... 

When I used this order in my code I got a meaningful error message at server start (instead of when the client connects):

Traceback (most recent call last):
  File "src/server_main.py", line 230, in <module>
    s = SSLClientsAuthServer()
  File "src/server_main.py", line 134, in __init__
    ctx.use_privatekey_file (self.config.value['SERVER_KEY'])
OpenSSL.SSL.Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]

This was because I was in fact using a webserver.key that did not belong to webserver.crt:

$ openssl x509 -text -in certs/webserver.crt 
Certificate: 
Data: 
    Version: 3 (0x2) 
... 
      Modulus: 
       00:a1:b6:e3:ce:53:3d:c9:96:a6:06:1d:3e:ae:34: 
.... 


$ openssl rsa -text -in keys/webserver.key 
Private-Key: (2048 bit) 
modulus: 
    00:b7:34:61:d7:c7:0d:2b:5c:57:26:d0:8d:7a:04: 
.... 

Make sure you are using the same RSA key for both.
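The comparison in the answer above is done by eye on the `Modulus:` dumps. The script below is an added example, not code from either answer or from the asker's project: it automates the same check with `openssl ... -noout -modulus`, which prints the RSA modulus of a certificate and of a private key in the same `Modulus=...` format, so a plain string comparison tells you whether they belong together. It also covers the first answer's advice to check your certificates before suspecting the cipher list: a server whose certificate does not match its key has no usable key pair to negotiate with, which is the usual reason for "no shared cipher" when both sides clearly have ciphers configured. The certificate, keys, subject name and temporary directory are constructed test material generated at run time; only the `openssl` command-line tool is required.

```sh
#!/bin/sh
# Added example: verify that a PEM certificate and a PEM RSA private key
# share the same modulus, i.e. that the key really belongs to the cert.

# cert_key_match CERT KEY
#   Prints "match" or "mismatch". Returns 2 if either file cannot be read
#   or the key is not an RSA key (openssl rsa cannot print its modulus).
cert_key_match() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    if [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]; then
        echo match
    else
        echo mismatch
    fi
}

# make_fixtures
#   Constructed test material (not the asker's CA): a self-signed server
#   certificate with its matching key, plus an unrelated second key.
#   Prints the temporary directory that holds them.
make_fixtures() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=example-server' \
        -keyout "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1
    openssl genrsa -out "$dir/other.key" 2048 >/dev/null 2>&1
    echo "$dir"
}

# Demonstration: the matching pair reports "match", the unrelated key
# reports "mismatch", which is the situation the traceback above describes.
demo_dir=$(make_fixtures)
echo "server.crt vs server.key: $(cert_key_match "$demo_dir/server.crt" "$demo_dir/server.key")"
echo "server.crt vs other.key:  $(cert_key_match "$demo_dir/server.crt" "$demo_dir/other.key")"
rm -rf "$demo_dir"
```

To check your own files, call `cert_key_match CA/certs/01.pem CA/private/key.pem` (the paths from the question) and expect `match`; anything else means the server is configured with a certificate it cannot prove ownership of, and the handshake cannot succeed regardless of which ciphers the client offers.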