Please recommend a open source for Python ACLs function
Hello Dear All: I would like to write some simple python test code with ACL(Access Control List) functions. Now simply I aim to use MAC address as ACL parameters, is there any good ACL open source recommended for using? Simple one is better. Any tips or suggestions welcomed and appreciated. Thank you. Kay -- http://mail.python.org/mailman/listinfo/python-list
Localhost client-server simple ssl socket test program problems
Hello,everyone!!
I am writing a simple ssl client-server test program on my personal laptop.
And I encounter some problems with my simple programs.
Please give me some
helps.
My server code:
import socketimport sslbindsocket =
socket.socket()bindsocket.bind(('127.0.0.1', 1234))bindsocket.listen(5)print
'server is waiting for connection...'newsocket, fromaddr =
bindsocket.accept()print 'start ssl socket...'connstream =
ssl.wrap_socket(newsocket, server_side=True,
certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt",
keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key",
ssl_version=ssl.PROTOCOL_SSLv23)data = connstream.read()print 'connected from
address', fromaddrprint 'received data as', repr(data)connstream.close()
My client code:
import socketimport ssls = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)ssl_sock = ssl.wrap_socket(s,
ca_certs="/home/ckyang/PHA/testsslsocket/myCA.crt",
cert_reqs=ssl.CERT_REQUIRED)ssl_sock.connect(("127.0.0.1",
1234))ssl_sock.write("hello")ssl_sock.close()
---Server
side error:
File "views.py", line 17, in connstream = ssl.wrap_socket(newsocket,
server_side=True, certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt",
keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key",
ssl_version=ssl.PROTOCOL_SSLv23) File "/usr/lib/python2.7/ssl.py", line 344,
in wrap_socketciphers=ciphers) File "/usr/lib/python2.7/ssl.py", line 119,
in __init__ciphers)ssl.SSLError: [Errno 336265218] _ssl.c:347:
error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
Client side error:
File "client.py", line 10, in ssl_sock.connect(("127.0.0.1", 1234))
File "/usr/lib/python2.7/ssl.py", line 299, in connectself.do_handshake()
File "/usr/lib/python2.7/ssl.py", line 283, in do_handshake
self._sslobj.do_handshake()socket.error: [Errno 104] Connection reset by peer
So
what is wrong with my code?
The codes are so simple and so much like python official site sample
demonstration, but I still cant get it work, so frustrating.
Seems the problem happened on server side then cause client side cant connect
well, is that right?
My platform is ubuntu, with openssl 0.9.8 and python 2.7.
All certificates and keys self-signed by openssl for test convenience.
This is the site for referrence :
http://andyjeffries.co.uk/articles/x509-encrypted-authenticated-socket-ruby-client
Or should I need a real certificate issued by a real CA to let things work?
Any tips or suggestions welcomed, thank you very much~
Good day.
Kay
--
http://mail.python.org/mailman/listinfo/python-list
RE: Localhost client-server simple ssl socket test program problems
Thanks for tips. But I dont understand one thing is if Python's SSL lib doesn't support encrypted private keys for sockets. Then why should we "encrypt" the private key with "openssl rsa -in /etc/home/ckyang/PHA/testsslsocket/mypha.key -out /etc/home/ckyang/PHA/testsslsocket/mypha-nopasswd.key" again? Shouldn't that be decrypted? And also this solution is not the right one, I use mypha-nopasswd.key replace the original one, still not work. So sad. But thanks. ^ ^ Kay > To: python-list@python.org > From: li...@cheimes.de > Subject: Re: Localhost client-server simple ssl socket test program problems > Date: Thu, 15 Dec 2011 20:45:43 +0100 > > Am 15.12.2011 20:09, schrieb Yang Chun-Kai: > > Server side error: > > > > File "views.py", line 17, in > > connstream = ssl.wrap_socket(newsocket, server_side=True, > > certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt", > > keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key", > > ssl_version=ssl.PROTOCOL_SSLv23) > > File "/usr/lib/python2.7/ssl.py", line 344, in wrap_socket > > ciphers=ciphers) > > File "/usr/lib/python2.7/ssl.py", line 119, in __init__ > > ciphers) > > ssl.SSLError: [Errno 336265218] _ssl..c:347: error:140B0002:SSL > > routines:SSL_CTX_use_PrivateKey_file:system lib > > This error is most likely caused by an encrypted private key. Python's > SSL lib doesn't support encrypted private keys for sockets. You can > encrypt the private key with > >openssl rsa -in /etc/home/ckyang/PHA/testsslsocket/mypha.key -out > /etc/home/ckyang/PHA/testsslsocket/mypha-nopasswd.key > > Christian > > > -- > http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
RE: Localhost client-server simple ssl socket test program problems
Hello~ Thanks for your fast reply. No, it doesn't ask for password, just a single line with "writing RSA kay", then mypha-nopasswd.key appeared. If my key is not in PEM Format, can openssl with simple commands to switch it to? Or I should re-do the self-signed process with some certain key-words / parameters? And what you mean about Python 2.x's SSL module doesn't support cert directories ? Can you be more specific about that ^^. Do you mean parameters with certfile and keyfile those two should put together or CA certificate need to be chained with other CA? Thanks. Kay > To: python-list@python.org > From: li...@cheimes.de > Subject: Re: Localhost client-server simple ssl socket test program problems > Date: Thu, 15 Dec 2011 21:19:14 +0100 > > Am 15.12.2011 21:09, schrieb Yang Chun-Kai: > > Thanks for tips. > > > > But I dont understand one thing is if Python's SSL lib doesn't support > > encrypted private keys for sockets. > > > > Then why should we "encrypt" the private key with "openssl rsa -in > > /etc/home/ckyang/PHA/testsslsocket/mypha.key -out > > > > /etc/home/ckyang/PHA/testsslsocket/mypha-nopasswd.key" again? > > > > Shouldn't that be decrypted? > > > > And also this solution is not the right one , I use mypha-nopasswd.key > > replace the original one, still not work. > > IIRC the command should decrypt the key. Did it prompt for a password? > > The error could be caused by other issues. For example the key and cert > must be in PEM Format. The PKS#12 isn't supported. I'm not sure if > Python's builtin SSL module loads DER certs. > > You may also missing a valid CA cert chain. Python 2.x's SSL module > doesn't support cert directories so you have to provide a chain file. > The certs in the chain file must be in the right order, too. > > Christian > > -- > http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
RE: Localhost client-server simple ssl socket test program problems
> To: python-list@python.org > From: li...@cheimes.de > Subject: Re: Localhost client-server simple ssl socket test program problems > Date: Thu, 15 Dec 2011 20:45:43 +0100 > > Am 15.12.2011 20:09, schrieb Yang Chun-Kai: > > Server side error: > > > > File "views.py", line 17, in > > connstream = ssl.wrap_socket(newsocket, server_side=True, > > certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt", > > keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key", > > ssl_version=ssl.PROTOCOL_SSLv23) > > File "/usr/lib/python2.7/ssl.py", line 344, in wrap_socket > > ciphers=ciphers) > > File "/usr/lib/python2.7/ssl.py", line 119, in __init__ > > ciphers) > > ssl.SSLError: [Errno 336265218] _ssl..c:347: error:140B0002:SSL > > routines:SSL_CTX_use_PrivateKey_file:system lib > > This error is most likely caused by an encrypted private key. Python's > SSL lib doesn't support encrypted private keys for sockets. You can > encrypt the private key with >>>>>> >>>I generate the server private key with "openssl genrsa -out mypha.key >>>>>> >>>2048".>>>But this seems the standard command to do it.>>>How do I get >>>>>> >>>the private key without encrypted ?>>>Or should I always do this and >>>>>> >>>encrypt it again to get it decrypted ?>>>If I use the encrypted key >>>>>> >>>and .csr to produce my certificate will that be different from >>>>>> >>>decrypted key?>>>Thanks.>>>Kay>>> >openssl rsa -in /etc/home/ckyang/PHA/testsslsocket/mypha.key -out > /etc/home/ckyang/PHA/testsslsocket/mypha-nopasswd.key > > Christian > > > -- > http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
python2.7 kill thread and find thread id
Hello,guys!! I am using python2.7 to write a simple thread program which print the current running thread id and kill it with this id. But I have some questions with this. My code: -from threading import Threadclass t(Thread): def __init__(self): Thread.__init__(self) def run(self): self.tid = Thread.get_ident() print 'thread id is', self.tid def kill(self): *** // how to do this with its own id, for example "exit(self.tid)" ?if __name__ == "__main__" go = t() go.start() go.kill()-First, I can't call get_ident(), seems not supported. Second, how to kill the thread with its own id? I know I can use SystemExit() to shut this down, but I want to kill the certain thread not the whole program. Anyone know how to fix my code to achieve it? Any tips welcomed. Thank you in advance. Kay -- http://mail.python.org/mailman/listinfo/python-list
RE: python2.7 kill thread and find thread id
Sorry for the misarrangement of my code in list, it happens everytime. I apologized. From: waitmefore...@hotmail.com To: python-list@python.org Subject: python2.7 kill thread and find thread id Date: Wed, 4 Jan 2012 14:10:46 +0800 Hello,guys!! I am using python2.7 to write a simple thread program which print the current running thread id and kill it with this id. But I have some questions with this. < /div>My code: -from threading import Threadclass t(Thread): def __init__(self): Thread.__init__(self) def run(self): self.tid = Thread.get_ident() print 'thread id is', self.tid def kill(self): *** // how to do this with its own id, for example "exit(self.tid)" ?if __name__ == "__main__" go = t() go.start() go.kill()-First, I can't call get_ident(), seems not supported. Second, how to kill the thread with its own id? I know I can use SystemExit() to shut this down, but I want to kill the certain thread not the whole program. Anyone know how to fix my code to achieve it? Any tips welcomed. Thank you in advance. Kay -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
