Clarifying the purpose of the fields in Thrift's TSSLSocket

Time: 2015-12-26 14:45:23

Tags: thrift thrift-protocol

I am trying to understand the semantics of the SSL sockets in Thrift, in particular the fields ca_certs, keyfile and certfile.

On the client side the usage is that keyfile is the path to the private key, and the certificate in certfile is then used for verification on the server side.

These fields seem backwards to me, because I would expect to see a keyfile field on the server side rather than on the client side.

Is the certfile on the server side a real pem (meaning the combination of the public certificate and the private key) or just a certificate?

What is the correct usage for verifying the client to the server, and vice versa?

TSSLSocket initializer:

def __init__(self,
             host='localhost',
             port=9090,
             validate=True,
             ca_certs=None,
             keyfile=None,
             certfile=None,
             unix_socket=None,
             ciphers=None):
    """Create SSL TSocket

    @param validate: Set to False to disable SSL certificate validation
    @type validate: bool
    @param ca_certs: Filename to the Certificate Authority pem file, possibly a
    file downloaded from: http://curl.haxx.se/ca/cacert.pem  This is passed to
    the ssl_wrap function as the 'ca_certs' parameter.
    @type ca_certs: str
    @param keyfile: The private key
    @type keyfile: str
    @param certfile: The cert file
    @type certfile: str
    @param ciphers: The cipher suites to allow. This is passed to
                    the ssl_wrap function as the 'ciphers' parameter.
    @type ciphers: str

    Raises an IOError exception if validate is True and the ca_certs file is
    None, not present or unreadable.
    """

Server side:

class TSSLServerSocket(TSocket.TServerSocket):
    SSL_VERSION = ssl.PROTOCOL_TLSv1

    def __init__(self,
                 host=None,
                 port=9090,
                 certfile='cert.pem',
                 unix_socket=None,
                 ciphers=None):
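The question above is really about which PEM material each of the three arguments is expected to hold. The docstring says ca_certs and ciphers are handed straight to Python's ssl wrapper; the added checker below, which is not part of the question or of the Thrift project, assumes that certfile and keyfile are passed through the same way, and relies on the documented behaviour of Python's ssl module that, when keyfile is None, the private key is read from certfile itself (which is why TSSLServerSocket gets by with a single cert.pem). It inspects the PEM files a TSSLSocket or TSSLServerSocket would be given and reports mismatches before any socket is opened: a client told to validate without a CA bundle, a trust bundle that accidentally contains a private key, a server certfile with no key and no keyfile, and a key file that other users on the host can read. The PEM bodies are constructed placeholders, not real certificates; only the BEGIN/END labels are inspected.

```python
import os
import re
import stat
import tempfile

# Matches one PEM block and captures its label (CERTIFICATE, RSA PRIVATE KEY, ...).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)

# Constructed, non-functional PEM bodies used only to exercise the checker.
FAKE_CERT = ("-----BEGIN CERTIFICATE-----\n"
             "MIIBconstructedPlaceholderNotARealCert\n"
             "-----END CERTIFICATE-----\n")
FAKE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n"
            "MIIEconstructedPlaceholderNotARealKey\n"
            "-----END RSA PRIVATE KEY-----\n")


def pem_labels(text):
    """Return the labels of all PEM blocks in text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def classify_pem(text):
    """Count certificates and private keys in a PEM file body."""
    labels = pem_labels(text)
    return {
        "certificates": sum(1 for lb in labels if lb == "CERTIFICATE"),
        "private_keys": sum(1 for lb in labels if lb.endswith("PRIVATE KEY")),
    }


def _read(path):
    with open(path, "r") as fh:
        return fh.read()


def check_tssl_args(role, validate=True, ca_certs=None, keyfile=None, certfile=None):
    """Check a TSSLSocket ("client") or TSSLServerSocket ("server") argument set.

    Returns a list of problem strings; an empty list means the files line up
    with what the ssl wrapper underneath Thrift expects (assumption, see lead-in).
    """
    problems = []

    if role == "client" and validate:
        # Mirrors the TSSLSocket docstring: validate=True needs a readable CA bundle.
        if (ca_certs is None or not os.path.isfile(ca_certs)
                or not os.access(ca_certs, os.R_OK)):
            problems.append("validate=True but ca_certs is None, missing or unreadable")
        else:
            info = classify_pem(_read(ca_certs))
            if info["certificates"] == 0:
                problems.append("ca_certs contains no CERTIFICATE block")
            if info["private_keys"]:
                problems.append("ca_certs contains a private key; a trust bundle "
                                "should hold certificates only")

    # A server must present a certificate; a client only needs one when the
    # server asks for client authentication.
    if role == "server" and certfile is None:
        problems.append("server needs certfile")

    if certfile is not None:
        if not os.path.isfile(certfile):
            problems.append("certfile not found: %s" % certfile)
        else:
            info = classify_pem(_read(certfile))
            if info["certificates"] == 0:
                problems.append("certfile contains no CERTIFICATE block")
            # With keyfile=None the ssl module takes the private key from certfile.
            if keyfile is None and info["private_keys"] == 0:
                problems.append("keyfile is None and certfile holds no private key")

    if keyfile is not None:
        if not os.path.isfile(keyfile):
            problems.append("keyfile not found: %s" % keyfile)
        elif classify_pem(_read(keyfile))["private_keys"] == 0:
            problems.append("keyfile contains no PRIVATE KEY block")
        if certfile is None:
            problems.append("keyfile given without certfile")

    # Whichever file carries the private key must not be group/world accessible.
    for path in (keyfile, certfile):
        if path and os.path.isfile(path) and classify_pem(_read(path))["private_keys"]:
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:
                problems.append("%s holds a private key but is group/world "
                                "accessible (mode %o)" % (path, mode))
    return problems


def _write(path, text, mode):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


def demo():
    """Create constructed PEM files in a temp dir and check typical argument sets."""
    d = tempfile.mkdtemp()
    combined = os.path.join(d, "cert.pem")       # cert + key, like the server default
    cert_only = os.path.join(d, "cert-only.pem")
    world = os.path.join(d, "world-readable.pem")
    ca = os.path.join(d, "ca.pem")
    _write(combined, FAKE_CERT + FAKE_KEY, 0o600)
    _write(cert_only, FAKE_CERT, 0o644)
    _write(world, FAKE_CERT + FAKE_KEY, 0o644)
    _write(ca, FAKE_CERT, 0o644)
    return {
        "server": check_tssl_args("server", certfile=combined),
        "server_cert_only": check_tssl_args("server", certfile=cert_only),
        "server_world_readable": check_tssl_args("server", certfile=world),
        "client": check_tssl_args("client", validate=True, ca_certs=ca),
        "client_no_ca": check_tssl_args("client", validate=True),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "ok")
```

Run as a script it prints one line per scenario; the "server_cert_only" case is the one that answers the question as asked: a server-side certfile with no keyfile must be the combined pem, otherwise there is no private key for the server to use.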

0 answers:

No answers