使用httplib2打开ssl连接时出错

时间:2011-11-04 09:47:39

标签: python sockets https certificate httplib2

我正在使用httplib2打开ssl连接。以下是代码。

import httplib2

if __name__=='__main__':
    conn = httplib2.Http(disable_ssl_certificate_validation=True)
    conn.add_certificate('serverkey.pem', 'servercert.pem', '')
    resp, content = conn.request(uri = 'https://xxx.xxx.xxx.xxx:xxxx/Konfigurator
                   /REST/login?userName=xxx&pass=xxx', method = 'POST')
    print resp

这是我得到的错误。

Traceback (most recent call last):
File "C:\eclipse-workspace\REST\src\examples.py", line 7, in <module>
resp, content = conn.request(uri = 'https://xxx.xxx.xxx.xxx:xxx/Konfigurator/REST/login?userName=xxx&pass=xxx', method = 'POST')
File "C:\Python27\lib\site-packages\httplib2-0.7.1-py2.7.egg\httplib2\__init__.py", line 1437, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
 File "C:\Python27\lib\site-packages\httplib2-0.7.1-py2.7.egg\httplib2\__init__.py", line 1189, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
 File "C:\Python27\lib\site-packages\httplib2-0.7.1-py2.7.egg\httplib2\__init__.py", line 1163, in _conn_request
conn.connect()
File "C:\Python27\lib\site-packages\httplib2-0.7.1-py2.7.egg\httplib2\__init__.py", line 925, in connect
raise socket.error, msg
socket.error: [Errno 10054] An existing connection was forcibly closed by the remote host

代码是否正确或我在这里遗漏了什么?

2 个答案:

答案 0 :(得分:2)

我得到了它的工作。问题是服务器仅支持TLSv1和SSLv3加密。如果未指定版本,则httplib2模块默认为SSLv23。这导致服务器使用RST数据包进行响应。可能是他们代码中的错误。在 init .py中进行了更改,在wrap_socket函数中包含“ssl_version = 3”(TLS为3)并且它有效。

答案 1 :(得分:1)

您的代码似乎是正确的,即以下简化版本能够正确获取Google的HTTPS首页:

>>> import httplib2
... from pprint import pprint
... conn = httplib2.Http()
... resp, content = conn.request(uri="https://encrypted.google.com")
... pprint(resp)
{'cache-control': 'private, max-age=0',
 'content-location': 'https://encrypted.google.com',
 'content-type': 'text/html; charset=ISO-8859-1',
 'date': 'Fri, 04 Nov 2011 09:56:58 GMT',
 'expires': '-1',
 'server': 'gws',
 'set-cookie': 'PREF=ID=efe3264c0da8b563:FF=0:TM=1320400618:LM=1320400618:S=AsZHdP7eQQXrsYOw; expires=Sun, 03-Nov-2013 09:56:58 GMT; path=/; domain=.google.com, NID=52=RJx7UWMiVEQGLvS3nVLz4iit6Z-V0pMSXzbReygHwJVt40kg4rhs1NS2U025XEyz_0ajtbGhsUDqbqIK5gje16sxka4sStsV4KmQRPOnbpNoeL4mN9Nge-NSEoziU8yH; expires=Sat, 05-May-2012 09:56:58 GMT; path=/; domain=.google.com; HttpOnly',
 'status': '200',
 'transfer-encoding': 'chunked',
 'x-frame-options': 'SAMEORIGIN',
 'x-xss-protection': '1; mode=block'}

所以我猜你的证书导致远程服务器barf并强行断开会话。您是否控制服务器,如果是,您是否从服务器获得任何日志或诊断信息?

实际上,仔细观察,我正在尝试理解你的“add_certificate”电话。为什么要将该特定IP地址指定为证书的域?服务器的密钥是否实际代表该IP地址?你试过一个空字符串吗?

相关问题
最新问题