使用 Flask API 框架（Windows）和 Twisted WSGI 服务器，我能够启动一个客户端可以验证服务器身份的 TLS 服务器。但是，当我加上客户端证书验证（双向认证）时，握手失败，服务器端报告 SSL 握手错误，身份验证无法通过。
使用 Flask 开发服务器时，双向身份验证可以正常工作。请问有什么修复或调试的建议？
请参见下面的代码段。
服务器
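def _load_pem_certs(path):
    """Return every X509 certificate contained in the PEM file at *path*.

    ``crypto.load_certificate`` parses only the first PEM block of the text
    it is given, so feeding it a CA *chain* file silently drops every
    certificate after the first (the intermediates).  With an incomplete
    trust store the client certificate cannot be chained to a trusted CA
    and the handshake fails.  Split the file on the certificate footer and
    load each block on its own.
    """
    header = '-----BEGIN CERTIFICATE-----'
    footer = '-----END CERTIFICATE-----'
    with open(path, 'r') as f:
        pem_text = f.read()
    certs = []
    for chunk in pem_text.split(footer):
        if header not in chunk:
            continue  # trailing whitespace / comments after the last block
        block = chunk[chunk.index(header):] + footer
        certs.append(crypto.load_certificate(crypto.FILETYPE_PEM, block))
    return certs


# Server identity: certificate + private key (files closed promptly via `with`).
with open('srv.crt', 'r') as f:
    srv_cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
with open('srv_pKey.pem', 'r') as f:
    srv_privKey = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())

# Trust anchors for *client* certificates: the whole chain, not just its
# first entry (see _load_pem_certs).
ca_certs = _load_pem_certs('User_caChain.crt')

# verify=True asks the peer for a certificate and validates it against
# caCerts; CertificateOptions' requireCertificate defaults to True, so a
# client that presents no certificate is rejected at the handshake.
ssl_ctx = ssl.CertificateOptions(privateKey=srv_privKey,
                                 certificate=srv_cert,
                                 verify=True,
                                 caCerts=ca_certs)

https_server = endpoints.SSL4ServerEndpoint(reactor,
                                            port=5001,
                                            interface='myHost',
                                            sslContextFactory=ssl_ctx)

# start server: hand the Flask app to Twisted's WSGI container and listen.
resource = WSGIResource(reactor, reactor.getThreadPool(), app)
site = server.Site(resource)
https_server.listen(site)
log.startLogging(sys.stdout)
reactor.run()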
客户端
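import socket

import requests

# CA bundle used to verify the *server's* certificate.
verify = 'Srv_caChain.crt'
# Client certificate / private key pair presented for mutual TLS.
cert = ('user.crt', 'user_pKey.pem')
# `socket` was referenced without being imported; added above.  The host
# name must match the server certificate, since requests checks it.
url = 'https://%s:5001/hi' % (socket.gethostname())
res = requests.get(url, verify=verify, cert=cert)
print res.status_code, res.content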
Flask
# The Flask application served by both the dev server and the Twisted WSGI container.
app = Flask(import_name=__name__)
@app.route('/hi')
def hiMom():
    """Test endpoint: returns a greeting that echoes app.r, app.u and app.p.

    Those three attributes are set on ``app`` somewhere outside this
    snippet — TODO confirm where.
    """
    body = "HI MOM!!!! %i %s %s " % (app.r, app.u, app.p)
    # NOTE(review): the body is plain text although the mimetype says JSON.
    return Response(body, status=200, mimetype="application/json")
if __name__ == "__main__":
    # Flask dev server with mutual TLS: present srv.crt and require a client
    # certificate that validates against User_Inter01_caChain.crt.
    ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    ssl_ctx.load_cert_chain(certfile='srv.crt', keyfile='srv_pKey.pem')
    ssl_ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
    ssl_ctx.load_verify_locations(cafile='User_Inter01_caChain.crt')
    app.run(
        host='myHost',
        port=5001,
        ssl_context=ssl_ctx,
        threaded=True,
        use_reloader=False,
    )