艾丝凡家的 发表于 2015-12-15 12:37:03

使用 python/ruby 创建 ssl 服务端程序

1. 创建一个自签名的 SSL 证书



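#### Create a self-signed root CA and a CA-signed server certificate with OpenSSL
# All paths are relative to the current directory. The Python/Ruby examples in
# the following sections expect the results under ca/ (ca/ca.crt, ca/server.crt,
# ca/server.key), so move or copy them there afterwards.

## 1. Create the root CA private key
# 2048 bits: 1024-bit RSA is below the 112-bit security floor that the default
# OpenSSL security level on many distributions enforces, so handshakes with
# such keys may be rejected outright.
openssl genrsa -out ca.key 2048

## 2. Create the self-signed root certificate from that key
# (the original line read "ca.key-out" with no space, so openssl saw a single
# bogus argument; -days 36500 is a 100-year lifetime, acceptable only for a
# throwaway local test CA)
openssl req -new -x509 -days 36500 -key ca.key -out ca.crt -subj "/C=CN/ST=Fujian/L=Xiamen/O=Your Company Name/OU=Your Root CA"

## 3. Create the server private key
openssl genrsa -out server.key 2048

## 4. Create a certificate signing request from the server key
# CN is the name clients verify the server against (the clients below use it).
# (the original line read "server.key-out" with no space)
openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Fujian/L=Xiamen/O=Your Company Name/OU=youwebsite.org/CN=yourwebsite.org"

## 5. Prepare the directory layout that `openssl ca` expects by default
mkdir -p demoCA/newcerts
touch demoCA/index.txt
echo '01' > demoCA/serial

## 6. Issue the server certificate, signed by the root CA
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key


## --- Commands for inspecting the content of each file format
# (the original had "rsa-noout" / "req-noout" with no space before -noout)
# openssl rsa -noout -text -in ca.key
# openssl x509 -noout -text -in ca.crt
# openssl rsa -noout -text -in server.key
# openssl req -noout -text -in server.csr
# openssl x509 -noout -text -in server.crt

## Quickest way to get a test certificate (self-signed, no separate CA)
# -nodes writes the private key unencrypted to disk; fine for a throwaway test
# key, not for one you intend to keep.
# openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key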

2. python server



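import socket, ssl
import time

# Certificate material produced by the OpenSSL steps in section 1, expected
# under ca/ relative to the working directory.
crtf = "ca/server.crt"
keyf = "ca/server.key"
# Loopback only. The original bound to '' (every interface); use that if the
# server must be reachable from other hosts.
HOST, PORT = '127.0.0.1', 10023


def main():
    """Accept one TLS connection, print what the client sent, reply with the time, exit."""
    # An explicit SSLContext replaces ssl.wrap_socket(), which is removed in
    # Python 3.12. PROTOCOL_TLS_SERVER negotiates the highest TLS version both
    # sides support and never SSLv2/SSLv3.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=crtf, keyfile=keyf)
    # The original also passed ca_certs= here. Without cert_reqs=CERT_REQUIRED
    # that never asked the client for a certificate, so it is dropped. To
    # require client certificates, set ctx.verify_mode = ssl.CERT_REQUIRED and
    # ctx.load_verify_locations("ca/ca.crt").

    with socket.socket() as server_sc:
        # Allow an immediate re-run while the previous socket is in TIME_WAIT.
        server_sc.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        server_sc.bind((HOST, PORT))
        server_sc.listen(5)
        newsocket, _addr = server_sc.accept()
        # wrap_socket performs the handshake; a failed handshake raises
        # ssl.SSLError here rather than on the first read.
        with ctx.wrap_socket(newsocket, server_side=True) as sc:
            data = sc.recv(4096)
            print(data.decode("utf-8", "replace"))
            sc.sendall(('Back time: ' + str(time.time())).encode())
    # The with-blocks close both sockets even when the handshake or I/O fails;
    # the original only closed them on the happy path.


if __name__ == "__main__":
    main()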

3. python client



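import socket, ssl, pprint
import time

# Trust anchor: the root CA created in section 1.
cacrtf = "ca/ca.crt"
# Name the server certificate was issued for (CN in the section-1 CSR). The
# address we connect to can differ, but this name must match the certificate.
SERVER_HOSTNAME = "yourwebsite.org"
HOST, PORT = '127.0.0.1', 10023


def main():
    """Connect over TLS, print connection details, send the time and print the reply."""
    # create_default_context() verifies the server's chain against cacrtf AND
    # checks the hostname. The original wrap_socket(cert_reqs=CERT_REQUIRED)
    # verified the chain only, so any certificate signed by ca.crt was accepted
    # regardless of the name it was issued for. wrap_socket() is also removed
    # in Python 3.12.
    ctx = ssl.create_default_context(cafile=cacrtf)

    # The original assigned the connection to a variable named `socket`,
    # shadowing the module; use a distinct name.
    with socket.create_connection((HOST, PORT)) as tcp_sock:
        with ctx.wrap_socket(tcp_sock, server_hostname=SERVER_HOSTNAME) as ssl_socket:
            print(repr(ssl_socket.getpeername()))
            print(ssl_socket.cipher())
            print(pprint.pformat(ssl_socket.getpeercert()))

            ssl_socket.sendall(("Time: %s\r\n" % time.time()).encode())

            data = ssl_socket.recv(4096)
            print(data.decode("utf-8", "replace"))


if __name__ == "__main__":
    main()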

4. ruby server



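# frozen_string_literal: true

require 'socket'
require 'openssl'

# Certificate material produced by the OpenSSL steps in section 1, expected
# under ca/ relative to the working directory. (The original also declared the
# CA certificate path, but this server never used it.)
SERVER_CERT = 'ca/server.crt'
SERVER_KEY  = 'ca/server.key'
HOST = '127.0.0.1'
PORT = 10024

# Accepts a single TLS connection, prints the first line the client sends,
# replies with the current time, then shuts the server down.
#
# @raise [OpenSSL::SSL::SSLError] if the handshake with the client fails
def run_ssl_server
  ctx = OpenSSL::SSL::SSLContext.new
  # File.read returns the content and closes the handle; the original used
  # File.open without a block, which leaks the descriptor until GC.
  ctx.cert = OpenSSL::X509::Certificate.new(File.read(SERVER_CERT))
  ctx.key  = OpenSSL::PKey::RSA.new(File.read(SERVER_KEY))
  # Refuse TLS 1.0/1.1 handshakes; the context default depends on the
  # linked OpenSSL build.
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION

  tcp_server = TCPServer.new(HOST, PORT)
  ssl_server = OpenSSL::SSL::SSLServer.new(tcp_server, ctx)
  begin
    client = ssl_server.accept
    begin
      p client.gets
      client.puts "Back Time: #{Time.now}"
    ensure
      client.close
    end
  ensure
    # SSLServer#close also closes the underlying TCPServer; the original
    # left both open if accept or I/O raised.
    ssl_server.close
  end
end

run_ssl_server if __FILE__ == $PROGRAM_NAME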

5. ruby client



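# frozen_string_literal: true

require 'socket'
require 'openssl'

# Trust anchor: the root CA created in section 1.
CA_CERT = 'ca/ca.crt'
# Name the server certificate was issued for (CN in the section-1 CSR). The
# address we connect to can differ, but this name must match the certificate.
SERVER_HOSTNAME = 'yourwebsite.org'
HOST = '127.0.0.1'
PORT = 10024

# Connects over TLS, verifies the server certificate, sends the current time
# and prints the server's reply.
#
# @raise [OpenSSL::SSL::SSLError] if chain or hostname verification fails
def run_ssl_client
  context = OpenSSL::SSL::SSLContext.new
  # ca_file is the trust store used to verify the server's chain. The original
  # did `context.cert = Certificate.new(File.open($cacrtf))`: SSLContext#cert=
  # sets *this client's own* certificate (for client authentication), and with
  # verify_mode left at its default the server certificate was never checked
  # at all — the "# $cacrtf or $crtf" comment shows the two were being confused.
  context.ca_file = CA_CERT
  context.verify_mode = OpenSSL::SSL::VERIFY_PEER
  # Refuse TLS 1.0/1.1 handshakes.
  context.min_version = OpenSSL::SSL::TLS1_2_VERSION

  tcp_socket = TCPSocket.new(HOST, PORT)
  ssl_socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, context)
  # Closing the SSL socket closes the TCP socket too.
  ssl_socket.sync_close = true
  # SNI: tell the server which name we expect.
  ssl_socket.hostname = SERVER_HOSTNAME
  begin
    ssl_socket.connect
    # Chain verification alone does not bind the certificate to a name; any
    # certificate signed by ca.crt would pass. Check the name explicitly.
    ssl_socket.post_connection_check(SERVER_HOSTNAME)
    p ssl_socket.ssl_version

    ssl_socket.puts "Time: #{Time.now}"
    p ssl_socket.gets
  ensure
    ssl_socket.close
  end
end

run_ssl_client if __FILE__ == $PROGRAM_NAME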


end.