• Python3+ssl实现加密通信


    一、说明

    1. python标准库ssl可实现加密通信

    2. ssl库底层使用openssl,做了面向对像化改造和简化,但还是可以明显看出openssl的痕迹

    3. 本文先给出python实现的socket通信,在此基础上再给出ssl通信以便读者更方便地看到socket和ssl在python编程中的区别

    4. 说到ssl很多人都会想到https,但本质而言ssl是在传输层和应用层之间新插入的一个层,根据不同层无关原则ssl和https并没有任何绑定关系,ssl之上完全可以是其他任何应用层协议(比如pop/imap/telnet等等)

    二、程序实现

    2.1 socket通信实现

    客户端代码:

    import socket
    
    class client_class:
        def send_hello(self):
            # 与服务端建立连接
            client_socket = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
            client_socket.connect(('127.0.0.1',9999))
    
            # 向服务端发送消息
            msg = "do i connect with server ?".encode("utf-8")
            client_socket.send(msg)
            # 接收服务端返回的消息
            msg = client_socket.recv(1024).decode('utf-8')
            print(f"receive msg from server : {msg}")
            client_socket.close()
    
    if __name__ == "__main__":
        client = client_class()
        client.send_hello()

    服务端代码:

    import socket
    
    class server_class :
        def build_listen(self):
            # 监听端口
            server_socket = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
            server_socket.bind(('127.0.0.1',9999))
            server_socket.listen(5)
    
            while True:
                # 接收客户端连接
                client_socket, addr = server_socket.accept()
                # 接收客户端信息
                msg = client_socket.recv(1024).decode("utf-8")
                print(f"receive msg from client {addr}:{msg}")
                # 向客户端发送信息
                msg = f"yes , you have client_socketect with server.
    ".encode("utf-8")
                client_socket.send(msg)
                client_socket.close()
    
    if __name__ == "__main__":
        server = server_class()
        server.build_listen()

    2.2 ssl通信实现

    客户端代码:

    import socket
    import ssl
    
    class client_ssl:
        def send_hello(self,):
            # 生成SSL上下文
            context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            # 加载信任根证书
            context.load_verify_locations('cert/ca.crt')
    
            # 与服务端建立socket连接
            with socket.create_connection(('127.0.0.1', 9443)) as sock:
                # 将socket打包成SSL socket
                # 一定要注意的是这里的server_hostname不是指服务端IP,而是指服务端证书中设置的CN,我这里正好设置成127.0.1而已
                with context.wrap_socket(sock, server_hostname='127.0.0.1') as ssock:
                    # 向服务端发送信息
                    msg = "do i connect with server ?".encode("utf-8")
                    ssock.send(msg)
                    # 接收服务端返回的信息
                    msg = ssock.recv(1024).decode("utf-8")
                    print(f"receive msg from server : {msg}")
                    ssock.close()
    
    if __name__ == "__main__":
        client = client_ssl()
        client.send_hello()

    服务端代码:

    import socket
    import ssl
    
    class server_ssl:
        def build_listen(self):
            # 生成SSL上下文
            context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            # 加载服务器所用证书和私钥
            context.load_cert_chain('cert/server.crt', 'cert/server_rsa_private.pem.unsecure')
    
            # 监听端口
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as sock:
                sock.bind(('127.0.0.1', 9443))
                sock.listen(5)
                # 将socket打包成SSL socket
                with context.wrap_socket(sock, server_side=True) as ssock:
                    while True:
                        # 接收客户端连接
                        client_socket, addr = ssock.accept()
                        # 接收客户端信息
                        msg = client_socket.recv(1024).decode("utf-8")
                        print(f"receive msg from client {addr}:{msg}")
                        # 向客户端发送信息
                        msg = f"yes , you have client_socketect with server.
    ".encode("utf-8")
                        client_socket.send(msg)
                        client_socket.close()
    
    if __name__ == "__main__":
        server = server_ssl()
        server.build_listen()

    三、运行结果

    当前项目结构如图所示,证书生成可参考:openssl实现双向认证教程(服务端代码+客户端代码+证书生成)

    3.1 socket通信运行结果

    客户端:

    服务端:

    3.2 ssl通信运行结果

    客户端:

    服务端:

     参考:

    https://docs.python.org/3/library/ssl.html#ssl.SSLContext.wrap_socket

  • 相关阅读:
    Go语言 插入排序并返回排序前的索引
    使用patch-package定制node_modules 中的依赖包
    移动端 rem自适应布局 (750的设计稿)
    通过原型截获input.value的方法
    ts 使用 keyof typeof
    logrotate日志管理工具
    【LeetCode刷题】239.滑动窗口最大值
    【LeetCode刷题】剑指Offer 48.最长不含重复字符的子字符串
    【LeetCode刷题】912. 排序数组
    【LeetCode刷题】744. 寻找比目标字母大的最小字母
  • 原文地址:https://www.cnblogs.com/lsdb/p/9397530.html
Copyright © 2020-2023  润新知