2015-10-05 91 views
2

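Tornado mutual authentication with self-signed certificates

Going through the Tornado documentation, I can't seem to find any treatment of two-way SSL authentication. Currently, the code looks like this, using self-signed certificates: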

import tornado.ioloop
import tornado.web
import tornado.httpserver

class fooHandler(tornado.web.RequestHandler):
    def get(self):
        # Do Something
        pass

if __name__ == "__main__":
    application = tornado.web.Application([
        (r"/foo/", fooHandler),
    ])
    # Server-side TLS only: no client certificate is requested here.
    http_server = tornado.httpserver.HTTPServer(application, ssl_options={
        "certfile": "./cert.pem",
        "keyfile": "./key.pem",
    })
    http_server.listen(8888)
    tornado.ioloop.IOLoop.instance().start()
+0

[Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final162.pdf) and [The Token Binding Protocol](https://tools.ietf.org/html/draft-ietf-tokbind-protocol). – jww

Answers

1

You need to set the verify_mode of your ssl.SSLContext:

import ssl
from tornado.httpserver import HTTPServer

# `application` is the tornado.web.Application from the question.
ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_ctx.load_cert_chain("cert.pem", "key.pem")
# If your certs are not self-signed, load your CA certificates here.
#ssl_ctx.load_verify_locations("cacerts.pem")
ssl_ctx.verify_mode = ssl.CERT_REQUIRED
http_server = HTTPServer(application, ssl_options=ssl_ctx)

Then you can use self.request.get_ssl_certificate to get the client's certificate.
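An added example (not part of the original answer, and not Tornado's own code) showing what a handler can do with the certificate from get_ssl_certificate: map it to a known client by pinned SHA-256 fingerprint. The names build_server_context, normalize_fingerprint, authorize and PINNED are hypothetical, and it assumes the self-signed client certificates are collected in one PEM bundle that the server loads as trust anchors.

```python
import hashlib
import hmac
import ssl


def build_server_context(certfile, keyfile, client_certs_pem):
    """TLS server context that rejects handshakes without a trusted client cert."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.load_cert_chain(certfile, keyfile)
    # A self-signed client certificate is its own issuer, so it is loaded
    # here as a trust anchor (assumption: one PEM bundle of client certs).
    ctx.load_verify_locations(cafile=client_certs_pem)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def normalize_fingerprint(text):
    """Accept 'AA:BB:..' (openssl style) or plain hex; return lowercase hex."""
    return text.replace(":", "").strip().lower()


def authorize(request, pinned):
    """Map the peer certificate to a client name, or None if not allowed.

    `request` is anything exposing Tornado's
    HTTPServerRequest.get_ssl_certificate(binary_form=True); `pinned` maps
    client name -> SHA-256 fingerprint of that client's DER certificate.
    """
    der = request.get_ssl_certificate(binary_form=True)
    if not der:  # plain HTTP, or no certificate was presented
        return None
    seen = hashlib.sha256(der).hexdigest()
    match = None
    for name, fp in pinned.items():
        # Constant-time comparison; scan every entry rather than returning early.
        if hmac.compare_digest(seen, normalize_fingerprint(fp)):
            match = name
    return match


# In a handler (hypothetical wiring, PINNED is your own table):
#     def prepare(self):
#         self.client = authorize(self.request, PINNED)
#         if self.client is None:
#             raise tornado.web.HTTPError(403)
```

The TLS handshake only establishes that the certificate is trusted; the fingerprint lookup is what tells the application which client it is talking to.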