- #!/usr/bin/env python3
- # Foundations of Python Network Programming, Third Edition
- # https://github.com/brandon-rhodes/fopnp/blob/m/py3/chapter06/safe_tls.py
- # Simple TLS client and server using safe configuration defaults
- import argparse, socket, ssl
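def client(host, port, cafile=None):
    """Open a verified TLS connection to host:port and print whatever it sends.

    Args:
        host: hostname or IP address to connect to. It is also passed as
            ``server_hostname`` so it drives SNI and hostname verification.
        port: TCP port number.
        cafile: path to a CA certificate PEM file used to verify the server;
            ``None`` falls back to the system trust store.

    Raises:
        OSError: the TCP connection could not be established.
        ssl.SSLError: the TLS handshake or certificate verification failed
            (the output below shows CERTIFICATE_VERIFY_FAILED when the CA
            that signed the server certificate is not trusted).
    """
    purpose = ssl.Purpose.SERVER_AUTH
    # SERVER_AUTH gives CERT_REQUIRED plus check_hostname, which is what makes
    # this client "safe": an unverifiable server aborts the handshake.
    context = ssl.create_default_context(purpose, cafile=cafile)
    # Both sockets are closed on every exit path, including a failed
    # handshake, rather than leaking the file descriptor.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as raw_sock:
        raw_sock.connect((host, port))
        print('Connected to host {!r} and port {}'.format(host, port))
        with context.wrap_socket(raw_sock, server_hostname=host) as ssl_sock:
            while True:
                data = ssl_sock.recv(1024)
                if not data:
                    break
                print(repr(data))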
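def server(host, port, certfile, cafile=None):
    """Accept one TLS connection on host:port and send a single line to it.

    Args:
        host: interface to bind; ``''`` binds every interface.
        port: TCP port number.
        certfile: path to a PEM file holding the server certificate and its
            private key.
        cafile: path to a CA certificate PEM file. See the note on
            ``verify_mode`` below: with the defaults used here it does not
            cause the client to be authenticated.

    Raises:
        OSError: bind/listen/accept failure.
        ssl.SSLError: the handshake failed (the output below shows
            TLSV1_ALERT_UNKNOWN_CA when the client rejects our CA).
    """
    purpose = ssl.Purpose.CLIENT_AUTH
    # NOTE(review): for CLIENT_AUTH the default verify_mode is CERT_NONE, so
    # cafile is loaded into the trust store but the client is never asked for
    # a certificate. To actually authenticate clients set
    # ``context.verify_mode = ssl.CERT_REQUIRED`` after creating the context
    # (deliberately not done here to keep the original behaviour).
    context = ssl.create_default_context(purpose, cafile=cafile)
    context.load_cert_chain(certfile)
    # The listener and the accepted socket are closed on every exit path,
    # including a failed handshake, instead of being leaked.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((host, port))
        listener.listen(1)
        print('Listening at interface {!r} and port {}'.format(host, port))
        raw_sock, address = listener.accept()
        print('Connection from host {!r} and port {}'.format(*address))
        with raw_sock:
            with context.wrap_socket(raw_sock, server_side=True) as ssl_sock:
                ssl_sock.sendall('Simple is better than complex.'.encode('ascii'))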
if __name__ == '__main__':
    # Usage: safe_tls.py HOST PORT [-a cafile] [-s certfile]
    # Passing -s selects server mode; otherwise the script runs as a client.
    arg_parser = argparse.ArgumentParser(description='Safe TLS client and server')
    arg_parser.add_argument('host', help='hostname or IP address')
    arg_parser.add_argument('port', type=int, help='TCP port number')
    arg_parser.add_argument('-a', metavar='cafile', default=None,
                            help='authority: path to CA certificate PEM file')
    arg_parser.add_argument('-s', metavar='certfile', default=None,
                            help='run as server: path to server PEM file')
    options = arg_parser.parse_args()
    if options.s:
        server(options.host, options.port, options.s, options.a)
    else:
        client(options.host, options.port, options.a)
- python safe_tls.py -s localhost.pem '' 1060
- python safe_tls.py -a ca.crt localhost 1060
- Listening at interface '' and port 1060
- Connection from host '127.0.0.1' and port 35148
- Traceback (most recent call last):
- File "safe_tls.py", line 50, in <module>
- server(args.host, args.port, args.s, args.a)
- File "safe_tls.py", line 35, in server
- ssl_sock = context.wrap_socket(raw_sock, server_side=True)
- File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
- _context=self, _session=session)
- File "/usr/lib/python3.6/ssl.py", line 814, in __init__
- self.do_handshake()
- File "/usr/lib/python3.6/ssl.py", line 1068, in do_handshake
- self._sslobj.do_handshake()
- File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
- self._sslobj.do_handshake()
- ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:833)
- Connected to host 'localhost' and port 1060
- Traceback (most recent call last):
- File "safe_tls.py", line 52, in <module>
- client(args.host, args.port, args.a)
- File "safe_tls.py", line 15, in client
- ssl_sock = context.wrap_socket(raw_sock, server_hostname=host)
- File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
- _context=self, _session=session)
- File "/usr/lib/python3.6/ssl.py", line 814, in __init__
- self.do_handshake()
- File "/usr/lib/python3.6/ssl.py", line 1068, in do_handshake
- self._sslobj.do_handshake()
- File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
- self._sslobj.do_handshake()
- ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)