【发布时间】:2015-02-03 13:09:15
【问题描述】:
我们无法让我们的一台客户端计算机通过 TLS 连接到我的基于 Twisted 的邮件接收器。考虑到我对 TLS / 密码的了解有限,与同事的讨论表明这是一个密码问题。看着Twisted docs我修改了我的代码如下:
from twisted.internet.ssl import CertificateOptions, DiffieHellmanParameters
from twisted.python.filepath import FilePath
dhFilePath = './dh_param_1024.pem'
dhParams = ssl.DiffieHellmanParameters.fromFile(dhFilePath)
sslCtxFactory = ssl.CertificateOptions(privateKey=pKey, certificate=cert, trustRoot=caCert, method=SSLv3_METHOD, dhParameters=dhParams)
(之前我没有指定 dhParameters)
我使用 openssl 生成了 dh_param_1024.pem 文件,正如 Twisted Docs 的不同页面中所建议的那样。
但是,当我尝试从远程客户端连接到修改后的侦听器时,我得到:
Unhandled Error
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/twisted/python/log.py", line 88, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/usr/local/lib/python2.7/site-packages/twisted/python/log.py", line 73, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/local/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext
return func(*args,**kw)
--- <exception caught here> ---
File "/usr/local/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
why = selectable.doRead()
File "/usr/local/lib/python2.7/site-packages/twisted/internet/tcp.py", line 214, in doRead
return self._dataReceived(data)
File "/usr/local/lib/python2.7/site-packages/twisted/internet/tcp.py", line 220, in _dataReceived
rval = self.protocol.dataReceived(data)
File "/usr/local/lib/python2.7/site-packages/twisted/protocols/basic.py", line 454, in dataReceived
self.lineReceived(line)
File "/usr/local/lib/python2.7/site-packages/twisted/mail/smtp.py", line 568, in lineReceived
return getattr(self, 'state_' + self.mode)(line)
File "/usr/local/lib/python2.7/site-packages/twisted/mail/smtp.py", line 582, in state_COMMAND
method('')
File "/root/TwistedSMTP/custom_esmtp.py", line 279, in ext_STARTTLS
self.transport.startTLS(self.ctx)
File "/usr/local/lib/python2.7/site-packages/twisted/internet/_newtls.py", line 179, in startTLS
startTLS(self, ctx, normal, FileDescriptor)
File "/usr/local/lib/python2.7/site-packages/twisted/internet/_newtls.py", line 139, in startTLS
tlsFactory = TLSMemoryBIOFactory(contextFactory, client, None)
File "/usr/local/lib/python2.7/site-packages/twisted/protocols/tls.py", line 769, in __init__
contextFactory = _ContextFactoryToConnectionFactory(contextFactory)
File "/usr/local/lib/python2.7/site-packages/twisted/protocols/tls.py", line 648, in __init__
oldStyleContextFactory.getContext()
File "/usr/local/lib/python2.7/site-packages/twisted/internet/_sslverify.py", line 1429, in getContext
self._context = self._makeContext()
File "/usr/local/lib/python2.7/site-packages/twisted/internet/_sslverify.py", line 1470, in _makeContext
ctx.load_tmp_dh(self.dhParameters._dhFile.path)
exceptions.AttributeError: 'str' object has no attribute 'path'
当我恢复我的代码以设置我的sslCtxFactory 而不指定dhParameters 属性时,连接失败时,我没有收到此错误。在我看来,twisted 的 _sslverify.py 正在接收 self.dhParameters._dhFile 作为字符串,而不是文件对象 - 或类似的问题?
谁能给点建议?有没有人遇到过类似的情况?
谢谢!
【问题讨论】:
标签: python ssl encryption attributes twisted