5

I am a beginner in Python. I have implemented one-way SSL authentication in Python; below is part of the server-side code:

...
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(('', 12345))
s.listen(5)
while True:
    (connection, address) = s.accept()
    connstream = ssl.wrap_socket(connection,
                                server_side=True,
                                certfile="ssl/server.crt",
                                keyfile="ssl/server.key",
                                )
    #print repr(connection.recv(65535));
    try:
        deal_with_client(connstream)
            ....

Below is the client-side code:

import socket, ssl, pprint
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(s,
                       ca_certs="ssl/server.crt",
                       cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(('localhost', 12345))
print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())
while 1:
    ssl_sock.write("boo!")
s.close()

Actually, I want to perform two-way SSL authentication. I then generated the certificates of the CA and client, and the private keys of the client and CA, using the openssl tool. Now I have the six files below:

ca.crt
server.crt
client.crt
ca.key
server.key
client.key

So now, how can I modify the server-side and client-side code to perform two-way SSL authentication?

Sorry for my English, please help.

2 Answers

1

If you are the client and want to connect to a server and send a request at the same time, you can use the following code:

import requests
response = requests.post(url, data=your_data, cert=('path_client_certificate_file', 'path_certificate_key_file'), verify='path_rootCA')

0

You just need to do the same in the client and in the server:

#server
ssl.wrap_socket(connection,
                            server_side=True,
                            certfile="ssl/server.crt",
                            keyfile="ssl/server.key",
                            ca_certs="ssl/client.crt"
                            )


#client
ssl_sock = ssl.wrap_socket(s,
                   ca_certs="ssl/server.crt",
                   cert_reqs=ssl.CERT_REQUIRED,
                   certfile="ssl/client.crt",
                   keyfile="ssl/client.key"
                   )

I know this is an old one, but I looked for the same thing and didn't find an answer.

1 Comment

Are you missing cert_reqs=ssl.CERT_REQUIRED on the server wrap_socket list?
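The setup asked about in the question, including the point raised in the comment on the second answer, as an added example that is not part of the original posts. It assumes Python 3, where `ssl.SSLContext` replaces `ssl.wrap_socket` (removed in Python 3.12), trusts `ca.crt` on both sides instead of pinning the peer's certificate, and builds a constructed throwaway PKI with the `openssl` CLI; the function names are hypothetical.

```python
import contextlib, pathlib, socket, ssl, subprocess, tempfile, threading

def make_pki(d):
    """Constructed throwaway PKI using the question's file names (needs the openssl CLI)."""
    run = lambda args: subprocess.run(["openssl", *args.split()], cwd=d, check=True, capture_output=True)
    run("req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=constructed-test-ca -keyout ca.key -out ca.crt")
    pathlib.Path(d, "san.ext").write_text("subjectAltName=DNS:localhost\n")
    for name in ("server", "client"):
        run(f"req -newkey rsa:2048 -nodes -subj /CN={name} -keyout {name}.key -out {name}.csr")
        run(f"x509 -req -in {name}.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 1 "
            f"-extfile san.ext -out {name}.crt")

def server_context(d):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(f"{d}/server.crt", f"{d}/server.key")
    ctx.load_verify_locations(f"{d}/ca.crt")  # CA that signed client.crt
    ctx.verify_mode = ssl.CERT_REQUIRED       # without this, no client certificate is requested
    return ctx

def client_context(d, with_cert=True):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and hostname check are on
    ctx.load_verify_locations(f"{d}/ca.crt")       # CA that signed server.crt
    if with_cert:
        ctx.load_cert_chain(f"{d}/client.crt", f"{d}/client.key")
    return ctx

def handshake(d, with_cert):
    """One loopback connection; returns the server's verdict on the client."""
    verdict, lsock = [], socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = lsock.accept()
        try:
            with server_context(d).wrap_socket(conn, server_side=True) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                verdict.append("accepted CN=" + subject["commonName"])
        except OSError:  # ssl.SSLError is a subclass: the handshake failed
            verdict.append("rejected")
    t = threading.Thread(target=serve)
    t.start()
    with contextlib.suppress(OSError), socket.create_connection(lsock.getsockname()) as raw, \
         client_context(d, with_cert).wrap_socket(raw, server_hostname="localhost") as tls:
        tls.recv(1)  # wait until the server has finished judging the handshake
    t.join()
    lsock.close()
    return verdict[0]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        print(handshake(d, True), "|", handshake(d, False))
```

The verdict is taken on the server side because, under TLS 1.3, a client that presents no certificate only learns of the rejection on its first read after the handshake.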
