<br><br><div class="gmail_quote">2011/12/15 Yang Chun-Kai <span dir="ltr">&lt;<a href="mailto:waitmeforever@hotmail.com">waitmeforever@hotmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr">
<font size="4">Hello, everyone!!</font><div><font size="3"><br></font></div><div><font size="3">I am writing a simple ssl client-server test program on my personal laptop.</font></div><div><font size="3"><br></font></div>
<div><font size="3">And I encounter some problems with my simple programs.</font></div><div><font size="3"><br></font></div><div><font size="3">Please give me some help.</font></div><div><font size="3">--------------------------------------------------------------------------------------------------------------------------------------------------------</font></div>
<div><font size="3"><br></font></div><div><font size="4">My server code:</font></div><div><font size="3"><br></font></div><div><div>import socket</div><div style="font-size:medium">import ssl</div><div style="font-size:medium">
bindsocket = socket.socket()</div><div style="font-size:medium">bindsocket.bind(('127.0.0.1', 1234))</div><div style="font-size:medium">bindsocket.listen(5)</div><div style="font-size:medium">print 'server is waiting for connection...'</div>
<div style="font-size:medium">newsocket, fromaddr = bindsocket.accept()</div><div style="font-size:medium">print 'start ssl socket...'</div><div style="font-size:medium">connstream = ssl.wrap_socket(newsocket, server_side=True, certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt", keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key", ssl_version=ssl.PROTOCOL_SSLv23)</div>
<div style="font-size:medium">data = connstream.read()</div><div style="font-size:medium">print 'connected from address', fromaddr</div><div style="font-size:medium">print 'received data as', repr(data)</div>
<div>connstream.close()</div><div style="font-size:medium"><br></div><div><font size="4">My client code:</font></div><div style="font-size:medium"><br></div><div style="font-size:medium"><div>import socket</div><div>import ssl</div>
<div>s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)</div><div>ssl_sock = ssl.wrap_socket(s, ca_certs="/home/ckyang/PHA/testsslsocket/myCA.crt", cert_reqs=ssl.CERT_REQUIRED)</div><div>ssl_sock.connect(("127.0.0.1", 1234))</div>
<div>ssl_sock.write("hello")</div><div>ssl_sock.close()</div></div><div style="font-size:medium"><br></div><div style="font-size:medium">-----------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div><font size="4">Server side error:</font></div><div style="font-size:medium"><br></div><div style="font-size:medium">File "views.py", line 17, in &lt;module&gt;</div><div style="font-size:medium"><div>connstream = ssl.wrap_socket(newsocket, server_side=True, certfile="/etc/home/ckyang/PHA/testsslsocket/mypha.crt", keyfile="/etc/home/ckyang/PHA/testsslsocket/mypha.key", ssl_version=ssl.PROTOCOL_SSLv23)</div>
<div> File "/usr/lib/python2.7/ssl.py", line 344, in wrap_socket</div><div> ciphers=ciphers)</div><div> File "/usr/lib/python2.7/ssl.py", line 119, in __init__</div><div> ciphers)</div><div>ssl.SSLError: [Errno 336265218] _ssl.c:347: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib</div>
</div><div style="font-size:medium"><br></div><div><font size="4">Client side error:</font></div><div style="font-size:medium"><br></div><div style="font-size:medium"><div>File "client.py", line 10, in &lt;module&gt;</div>
<div> ssl_sock.connect(("127.0.0.1", 1234))</div><div> File "/usr/lib/python2.7/ssl.py", line 299, in connect<u></u><div> self.do_handshake()</div><div> File "/usr/lib/python2.7/ssl.py", line 283, in do_handshake</div>
<div> self._sslobj.do_handshake()</div><div>socket.error: [Errno 104] Connection reset by peer</div></div><div style="font-size:medium"><br></div></div><div style="font-size:medium">------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div style="font-size:medium">So what is wrong with my code?</div><div style="font-size:medium"><br></div><div style="font-size:medium">The code is so simple and so much like the Python official site sample demonstration, but I still can't get it to work, so frustrating. </div>
<div style="font-size:medium"><br></div><div style="font-size:medium">It seems the problem happened on the server side and then caused the client side to be unable to connect, is that right?</div><div style="font-size:medium"><br><u></u><div style="font-size:medium">
My platform is ubuntu, with openssl 0.9.8 and python 2.7.</div><div style="font-size:medium"><br></div><div style="font-size:medium">All certificates and keys self-signed by openssl for test convenience.</div><div style="font-size:medium">
<br></div><div style="font-size:medium">This is the site for reference: <a href="http://andyjeffries.co.uk/articles/x509-encrypted-authenticated-socket-ruby-client" target="_blank">http://andyjeffries.co.uk/articles/x509-encrypted-authenticated-socket-ruby-client</a></div>
<div style="font-size:medium"><br></div><div style="font-size:medium">Or do I need a real certificate issued by a real CA to make things work?</div><div style="font-size:medium"><br></div><div style="font-size:medium">
Any tips or suggestions welcomed, thank you very much~</div><div style="font-size:medium"><br></div><div style="font-size:medium">Good day.</div><div style="font-size:medium"><br></div><div><font size="3">Kay</font></div>
<div style="font-size:medium"><br></div>                                            <u></u></div>
</div></div></div><br>
<br></blockquote></div><br>You're trying to connect to the same port on localhost as a client and a server? I don't know for certain but I don't think that should work.<br>Two computers?<br><br clear="all"><br>
-- <br>Alexander<br>7D9C597B<br><br>
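Added example, not part of the original thread: the `system lib` reason in the server traceback is what OpenSSL's `SSL_CTX_use_PrivateKey_file` reports when it cannot open the key file, so checking the certificate and key paths before wrapping the socket names the failing file directly. The sketch is written for Python 3 (the thread uses Python 2.7), and `preflight_tls_files` and `server_context` are hypothetical helper names.

```python
import os
import ssl
import stat


def preflight_tls_files(certfile, keyfile):
    """Return the problems that would stop ssl from loading this cert/key pair."""
    problems = []
    for label, path in (("certfile", certfile), ("keyfile", keyfile)):
        if not os.path.isfile(path):
            problems.append("%s: %s is missing or not a regular file" % (label, path))
            continue
        if not os.access(path, os.R_OK):
            problems.append("%s: %s is not readable by this user" % (label, path))
            continue
        with open(path, "rb") as fh:
            if b"-----BEGIN " not in fh.read(4096):
                problems.append("%s: %s has no PEM header" % (label, path))
    # A private key that group/other can read is a finding even if it loads.
    if os.path.isfile(keyfile):
        mode = stat.S_IMODE(os.stat(keyfile).st_mode)
        if mode & 0o077:
            problems.append("keyfile: %s mode %o is open to group/other" % (keyfile, mode))
    return problems


def server_context(certfile, keyfile):
    """Build a server-side context, failing early with the offending path."""
    problems = preflight_tls_files(certfile, keyfile)
    if problems:
        raise ValueError("; ".join(problems))
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


if __name__ == "__main__":
    # Server paths as posted; note the client's CA path starts with /home/, not /etc/home/.
    base = "/etc/home/ckyang/PHA/testsslsocket/"
    for line in preflight_tls_files(base + "mypha.crt", base + "mypha.key"):
        print(line)
```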