TLSServer: certificate one request behind...
Fabiano Sidler
fabianosidler at swissonline.ch
Sun Mar 18 15:01:01 EDT 2018
Hello? Rfd, anyone?
Thus wrote Fabiano Sidler:
> Thus wrote Fabiano Sidler:
> > What's the reason for this? Please find attached my TLSServer.
>
> Oh, sorry...! Apparently, the attachment has been stripped. Here inline:
>
> === tlsserver.py ===
> from socketserver import ThreadingTCPServer,StreamRequestHandler
> import ssl
>
> class TLSServer(ThreadingTCPServer):
> def __init__(self, *args, **kwargs):
> super(TLSServer, self).__init__(*args, **kwargs)
> ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
> ctx.set_servername_callback(self.servername_callback)
> ctx.check_hostname = False
> self._ctx = ctx
> def get_request(self):
> s,a = super(TLSServer, self).get_request()
> s = self._ctx.wrap_socket(s, server_side=True)
> return s,a
> def servername_callback(self, sock, req_hostname, cb_context):
> return ssl.ALERT_DESCRIPTION_INTERNAL_ERROR
>
>
> from OpenSSL import crypto as x509
> from tempfile import NamedTemporaryFile
>
> class SelfSigningServer(TLSServer):
> def servername_callback(self, sock, req_hostname, cb_context):
> key = x509.PKey()
> key.generate_key(x509.TYPE_RSA, 2048)
> cert = x509.X509()
> subj = cert.get_subject()
> subj.C = 'CH'
> subj.ST = 'ZH'
> subj.L = 'Zurich'
> subj.O = 'ACME Inc.'
> subj.OU = 'IT dept.'
> subj.CN = req_hostname
> cert.set_version(0x02)
> cert.set_serial_number(1000)
> cert.gmtime_adj_notBefore(0)
> cert.gmtime_adj_notAfter(10*365*24*60*60)
> cert.set_issuer(subj)
> cert.set_pubkey(key)
> cert.sign(key, 'sha256')
> certfile = NamedTemporaryFile()
> keyfile = NamedTemporaryFile()
> certfile.write(x509.dump_certificate(x509.FILETYPE_PEM, cert))
> keyfile.write(x509.dump_privatekey(x509.FILETYPE_PEM, key))
> certfile.seek(0)
> keyfile.seek(0)
> cb_context.load_cert_chain(certfile=certfile.name, keyfile=keyfile.name)
> cb_context.set_servername_callback(self.servername_callback)
> sock.context = cb_context
> certfile.close()
> keyfile.close()
>
> class SelfSigningHandler(StreamRequestHandler):
> def handle(self):
> self.wfile.write(b'Hello World!\r\n')
>
> server = SelfSigningServer(('localhost',1234), SelfSigningHandler)
> server.serve_forever()
> === tlsserver.py ===
>
> Thanks again!
> --
> https://mail.python.org/mailman/listinfo/python-list
More information about the Python-list
mailing list