【发布时间】:2020-05-21 22:29:57
【问题描述】:
您好,我正在使用 python 库 Websockets。在开发中一切正常,但在服务器上它崩溃了,因为它需要使用 WSS。上面的链接给出了一个如何做到这一点的例子:
#!/usr/bin/env python
# WSS (WS over TLS) server example, with a self-signed certificate
import asyncio
import pathlib
import ssl
import websockets
async def hello(websocket, path):
name = await websocket.recv()
print(f"< {name}")
greeting = f"Hello {name}!"
await websocket.send(greeting)
print(f"> {greeting}")
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
localhost_pem = pathlib.Path(__file__).with_name("localhost.pem")
ssl_context.load_cert_chain(localhost_pem)
start_server = websockets.serve(
hello, "localhost", 8765, ssl=ssl_context
)
asyncio.get_event_loop().run_until_complete(start_server)
asyncio.get_event_loop().run_forever()
这段代码很简单,但我完全不知道如何生成它想要的文件(服务器和客户端)。我研究了“创建 pem 文件”但无济于事,并且收到了各种 ssl 错误。有人可以解释如何为此应用程序创建 pem 文件吗?谢谢
编辑: 根据我使用的答案
sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
这创建了两个文件。
我的服务器现在通过以下方式成功监听:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
path_cert = pathlib.Path(__file__).with_name("cert.pem")
path_key = pathlib.Path(__file__).with_name("key.pem")
ssl_context.load_cert_chain(path_cert, keyfile=path_key)
print("Listening for connection...")
start_server = websockets.serve(handler, HOSTNAME, PORT, ssl=ssl_context)
我唯一遇到的问题是让客户端连接,我尝试:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
path_cert = pathlib.Path(__file__).with_name("cert.pem")
ssl_context.load_cert_chain(path_cert)
async with websockets.connect(uri, ssl=ssl_context) as websocket:
但我得到了错误:ssl.SSLError: [SSL] PEM lib (_ssl.c:3854)
我也试过了:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
path_cert = pathlib.Path(__file__).with_name("cert.pem")
path_key = pathlib.Path(__file__).with_name("key.pem")
ssl_context.load_cert_chain(path_cert, keyfile=path_key)
async with websockets.connect(uri, ssl=ssl_context) as websocket:
并得到错误ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)
编辑2: 根据答案,我为客户尝试了这个:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ssl_context.load_verify_locations()
async with websockets.connect(uri, ssl=ssl_context) as websocket:
这会产生一个新错误:TypeError: cafile, capath and cadata cannot be all omitted
尝试第二个建议:
ssl_context = ssl.create_default_context()
ssl_context.load_verify_locations(certifi.where())
async with websockets.connect(uri, ssl=ssl_context) as websocket:
产生错误:ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)
编辑3: 最终的工作客户:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
path_cert = pathlib.Path(__file__).with_name("cert.pem")
ssl_context.load_verify_locations(path_cert)
async with websockets.connect(uri, ssl=ssl_context) as websocket:
【问题讨论】: