Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Auto enter pass phrase in case of Python ssl Client/Server

I need to create Client/Server application to send files from clients to Server. I use simple ssl sockets for that and authenticate with certificates.

 
ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(ms,
                           keyfile=".../newCA/my_client.key",
                           certfile=".../newCA/my_client.crt",
                           server_side=0,
                           cert_reqs=ssl.CERT_REQUIRED,
                           ca_certs=".../newCA/CA/my-ca.crt"
                           )
ssl_sock.connect((HOST, MPORT))

And Server side:


msock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.ssl_sock = ssl.wrap_socket(msock,
                           keyfile=".../newCA/my_server.key",
                           certfile=".../newCA/my_server.crt",
                           server_side=1,
                           cert_reqs=ssl.CERT_REQUIRED,
                           ca_certs=".../newCA/CA/my-ca.crt"
                           )
        self.ssl_sock.bind(('', self.PORT))
        self.ssl_sock.listen(self.QUEUE_MAX)

The problem is the following: when client tries to connect to Server, it requires Enter the pass phrase for private key for Both: for Server-side and Client-side.

  • In Java we need to set System Property: javax.net.ssl.keyStorePassword="" and it has to be used automatically, But how is it been used in Python? I can't enter pass phrase all time the client connects.

The problem is that my Application:Client should use already signed certificate, and Server should use already signed certificate too. I can't change it. Both Serever and Clients are long-living applications, so we just run it and we no need to look for them. But, as I understand, Python doesn't provide statndard way to automatically enter pass phrase for private key. May be other suggestions?

like image 540
rauch Avatar asked May 05 '10 09:05

rauch


1 Answers

You can refer to SSLSocket passphrase/password in Python as well. It is valid to remove the passphrase of the private key file for the server side case. OpenSSL provides utils to do that. For example:

openssl pkey -in yourkey-with-pass.pem -out yourkey-without-pass.pem

like image 77
Gang Wang Avatar answered Nov 14 '22 23:11

Gang Wang