使用 python/ruby 创建 ssl 服务端程序

艾丝凡家的

1. 创建一个自签名的 SSL 证书

• #### 使用 OpenSSL 创建自签名证书
  
  
• 
  
• 
  
• ## 1.创建根证书的私钥
  
• openssl genrsa -out ca.key 1024
  
• 
  
• ## 2.使用私钥创建根证书
  
• openssl req -new -x509 -days 36500 -key ca.key  -out ca.crt -subj "/C=CN/ST=Fujian/L=Xiamen/O=Your Company Name/OU=Your Root CA"
  
• 
  
• ## 3.创建服务器私钥
  
• openssl genrsa -out server.key 1024
  
• 
  
• ## 4.使用服务器私钥创建证书请求文件
  
• openssl req -new -key server.key  -out server.csr -subj "/C=CN/ST=Fujian/L=Xiamen/O=Your Company Name/OU=youwebsite.org/CN=yourwebsite.org"
  
• 
  
• ## 5.准备工作
  
• mkdir -p demoCA/newcerts
  
• touch demoCA/index.txt
  
• echo '01' > demoCA/serial
  
• 
  
• ## 6.创建服务器证书并使用ca根证书签名
  
• openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key
  
• 
  
• 
  
• ## ---查看不同格式文件的内容命令语法
  
• # openssl rsa  -noout -text -in ca.key
  
• # openssl x509 -noout -text -in ca.crt
  
• # openssl rsa  -noout -text -in server.key
  
• # openssl req  -noout -text -in server.csr
  
• # openssl x509 -noout -text -in server.crt
  
• 
  
• ## 创建证书最简单方式
  
• # openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key
  

2. python server

• import socket, ssl
  
  
• import time
  
• 
  
• cacrtf="ca/ca.crt"
  
• crtf="ca/server.crt"
  
• keyf="ca/server.key"
  
• 
  
• server_sc = socket.socket()
  
• server_sc.bind(('', 10023))
  
• server_sc.listen(5)
  
• 
  
• newsocket, addr = server_sc.accept()
  
• sc = ssl.wrap_socket(newsocket,
  
•                      server_side=True,
  
•                      certfile=crtf,
  
•                      keyfile=keyf,
  
•                      ca_certs=cacrtf)
  
• 
  
• data = sc.read()
  
• print data
  
• sc.write('Back time: ' + str(time.time()))
  
• 
  
• sc.close()
  
• server_sc.close()
  

3. python client

• import socket, ssl, pprint
  
  
• import time
  
• 
  
• cacrtf="ca/ca.crt"
  
• crtf="ca/server.crt"
  
• keyf="ca/server.key"
  
• 
  
• socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  
• ssl_socket = ssl.wrap_socket(socket, ca_certs=cacrtf, cert_reqs=ssl.CERT_REQUIRED)
  
• ssl_socket.connect(('127.0.0.1', 10023))
  
• 
  
• print repr(ssl_socket.getpeername())
  
• print ssl_socket.cipher()
  
• print pprint.pformat(ssl_socket.getpeercert())
  
• 
  
• ssl_socket.write("Time: %s\r\n" % time.time())
  
• 
  
• data = ssl_socket.read()
  
• print data
  
• 
  
• ssl_socket.close()
  

4. ruby server

• require 'socket'
  
  
• require 'openssl'
  
• 
  
• $cacrtf="ca/ca.crt"
  
• $crtf="ca/server.crt"
  
• $keyf="ca/server.key"
  
• 
  
• server = TCPServer.new('127.0.0.1', 10024)
  
• ctx = OpenSSL::SSL::SSLContext.new()
  
• ctx.cert= OpenSSL::X509::Certificate.new(File.open($crtf))
  
• ctx.key = OpenSSL::PKey::RSA.new(File.open($keyf))
  
• ssl_server = OpenSSL::SSL::SSLServer.new(server, ctx)
  
• 
  
• sc = ssl_server.accept
  
• 
  
• p sc.gets
  
• sc.puts "Back Time: #{Time.now}"
  
• 
  
• sc.close
  
• ssl_server.close
  

5. ruby client

• require 'socket'
  
  
• require 'openssl'
  
• 
  
• $cacrtf="ca/ca.crt"
  
• $crtf="ca/server.crt"
  
• $keyf="ca/server.key"
  
• 
  
• socket = TCPSocket.new('127.0.0.1', 10024)
  
• context = OpenSSL::SSL::SSLContext.new
  
• context.cert= OpenSSL::X509::Certificate.new(File.open($cacrtf)) # $cacrtf or $crtf
  
• ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, context)
  
• ssl_socket.sync_close = true
  
• ssl_socket.connect
  
• p ssl_socket.ssl_version
  
• 
  
• ssl_socket.puts "Time: #{Time.now}"
  
• p ssl_socket.gets
  
• 
  
• ssl_socket.close
  

end.