Re: TLSServer: certificate one request behind...

Fabiano Sidler Sun, 18 Mar 2018 12:04:40 -0700

Hello? Rfd, anyone?


Thus wrote Fabiano Sidler:
> Thus wrote Fabiano Sidler:
> > What's the reason for this? Please find attached my TLSServer.
> 
> Oh, sorry...! Apparently, the attachment has been stripped. Here inline:
> 
> === tlsserver.py ===
> from socketserver import ThreadingTCPServer,StreamRequestHandler
> import ssl
> 
> class TLSServer(ThreadingTCPServer):
>       def __init__(self, *args, **kwargs):
>               super(TLSServer, self).__init__(*args, **kwargs)
>               ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
>               ctx.set_servername_callback(self.servername_callback)
>               ctx.check_hostname = False
>               self._ctx = ctx
>       def get_request(self):
>               s,a = super(TLSServer, self).get_request()
>               s = self._ctx.wrap_socket(s, server_side=True)
>               return s,a
>       def servername_callback(self, sock, req_hostname, cb_context):
>               return ssl.ALERT_DESCRIPTION_INTERNAL_ERROR
> 
> 
> from OpenSSL import crypto as x509
> from tempfile import NamedTemporaryFile
> 
> class SelfSigningServer(TLSServer):
>       def servername_callback(self, sock, req_hostname, cb_context):
>               key = x509.PKey()
>               key.generate_key(x509.TYPE_RSA, 2048)
>               cert = x509.X509()
>               subj = cert.get_subject()
>               subj.C  = 'CH'
>               subj.ST = 'ZH'
>               subj.L  = 'Zurich'
>               subj.O  = 'ACME Inc.'
>               subj.OU = 'IT dept.'
>               subj.CN = req_hostname
>               cert.set_version(0x02)
>               cert.set_serial_number(1000)
>               cert.gmtime_adj_notBefore(0)
>               cert.gmtime_adj_notAfter(10*365*24*60*60)
>               cert.set_issuer(subj)
>               cert.set_pubkey(key)
>               cert.sign(key, 'sha256')
>               certfile = NamedTemporaryFile()
>               keyfile = NamedTemporaryFile()
>               certfile.write(x509.dump_certificate(x509.FILETYPE_PEM, cert))
>               keyfile.write(x509.dump_privatekey(x509.FILETYPE_PEM, key))
>               certfile.seek(0)
>               keyfile.seek(0)
>               cb_context.load_cert_chain(certfile=certfile.name, 
> keyfile=keyfile.name)
>               cb_context.set_servername_callback(self.servername_callback)
>               sock.context = cb_context
>               certfile.close()
>               keyfile.close()
> 
> class SelfSigningHandler(StreamRequestHandler):
>       def handle(self):
>               self.wfile.write(b'Hello World!\r\n')
> 
> server = SelfSigningServer(('localhost',1234), SelfSigningHandler)
> server.serve_forever()
> === tlsserver.py ===
> 
> Thanks again!
> -- 
> https://mail.python.org/mailman/listinfo/python-list
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: TLSServer: certificate one request behind...

Reply via email to