Just trying to set up a simple SSL server. I have never had anything SSL work for me in the past. I have a loose understanding of how SSL certificates and signing.
The code is simple
import socket, ssl
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.load_cert_chain(certfile="mycertfile") ###############
bindsocket = socket.socket()
bindsocket.bind(('', 2099))
bindsocket.listen(5)
while True:
newsocket, fromaddr = bindsocket.accept()
sslsoc = context.wrap_socket(newsocket, server_side=True)
request = sslsoc.read()
print(request)
The line in there with the ###s after it is the one that isnt working. I don't know what I have to do with openssl to generate a PEM file that will work here.
Can anyone enlighten me as to how to make this simple socket work.
By the way, this is NOT used for HTTP.
you can use this command to generate a self-signed certificate
openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem
the openssl framework will ask you to enter some information, such as your country, city, etc. just follow the instruction, and you will get a cert.pem
file. the output file will have both your RSA private key, with which you can generate your public key, and the certificate.
the output file looks like this:
-----BEGIN RSA PRIVATE KEY-----
# your private key
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
# your certificate
-----END CERTIFICATE-----
just load it, and the ssl module will handle the rest for you:
context.load_cert_chain(certfile="cert.pem", keyfile="cert.pem")
btw, there is no "SSLContext" in python2. for guys who are using python2, just assign the pem file when wrapping socket:
newsocket, fromaddr = bindsocket.accept()
connstream = ssl.wrap_socket(newsocket,
server_side=True,
certfile="cert.pem",
keyfile="cert.pem",
ssl_version=YOUR CHOICE)
available ssl version: ssl.PROTOCOL_TLSv1
, ssl.PROTOCOL_SSLv2
, ssl.PROTOCOL_SSLv3
, ssl.PROTOCOL_SSLv23
. if you have no idea, ssl.PROTOCOL_SSLv23
may be your choice as it provides the most compatibility with other versions.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With