socket. [SSL:CERTIFICATE_VERIFY_FAILED](_ssl.c:590)从Client.py到Node Server.js

时间:2016-05-26 22:14:35

标签: node.js python-2.7 sockets ssl

我收到此错误

 File "C:\Python27\lib\ssl.py", line 844, in connect
    self._real_connect(addr, False)
  File "C:\Python27\lib\ssl.py", line 835, in _real_connect
    self.do_handshake()
  File "C:\Python27\lib\ssl.py", line 808, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

我正在尝试在python客户端和node.js服务器之间建立安全连接(ssl.socket),我接受了上述错误。我不知道遗失了什么或者我的错是什么。这是我的python客户端和node.js服务器的源代码

Node.js中的服务器套接字:

var _HOST = '192.168.1.136';
    var _PORT = 1337;
    var _address;

    const tls = require('tls');
    const fs = require('fs');

    const options = {
        // These are necessary only if using the client certificate authentication
        key: fs.readFileSync('./SSL_TLS/ServerCakey.pem'),
        cert: fs.readFileSync('./SSL_TLS/Server-cert.pem'),
        requestCert: true
    };

    var server = tls.createServer(options, (socket) => {
        //const ProtocolEmmitter = new BasicProtocolEmmitter();

        socket.on('connect', (e) => {
            console.log('client connected ' +
                socket.remoteAddress + ':' +
                socket.remotePort);
            console.log('server connected',
                socket.authorized ? 'authorized' : 'unauthorized');
        });

        socket.on('data', function(data) {
            console.log('clients says' + ': ' + data);
        });

        socket.on('error', function(data) {
            console.log('client on error', data);

        });

        socket.on('close', (e) => {
            console.log('client disconnected');
            socket.end;
            setTimeout(() => {
                server.close();
                server.listen(_PORT, _HOST, () => {
                    _address = server.address();
                    console.log('opened server on %j', _address);
                    console.log(' Server listening on %j ', _HOST, ':', _PORT);
                });
            }, 10000);
        });

    });

这是我的Client.py Socket :(我使用的是Python 2.7.11)

class SSLSocket:
    def __init__(self):
        Context = self.__loadContext()
        self._SSL_Sock = Context.wrap_socket(socket.socket(socket.AF_INET),
                                                           server_hostname=host)
       self._SSL_Sock.connect((host, port))

    def __loadContext(self):
        context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
        context.verify_mode = ssl.CERT_REQUIRED
        context.check_hostname = True
        context.load_verify_locations("..Path/Client.crt")
        return context

我忘了提到我成功创建了client.crt并且我成功验证了它

 `openssl x509 -req -days 365 -in server.csr -signkey server.key -out client.crt` 

Signature Ok

1 个答案:

答案 0 :(得分:1)

    context.load_verify_locations("..Path/Client.crt")

我认为你在这里遇到问题:

  • 信任路径设置错误:load_verify_locations应设置受信任的CA,即它应包含服务器证书的颁发者,而不是某些客户端证书。
  • 缺少客户端证书的设置:要加载客户端证书,您应该使用load_cert_chain
相关问题
最新问题