server端
# coding:utf-8
from __future__ import absolute_import, division, print_function, with_statement
import socket, ssl
import os
import tornado.tcpserver
from tornado.ioloop import IOLoop
import tornado.gen
ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_ctx.load_cert_chain("/keys/server.crt",
"/keys/server.key")
ssl_ctx.load_verify_locations("keys/ca.crt")
ssl_ctx.verify_mode = ssl.CERT_REQUIRED
class A(tornado.tcpserver.TCPServer):
def handle_stream(self, stream, address):
self.run(stream)
@tornado.gen.coroutine
def run(self, stream):
body = yield stream.read_bytes(111110, partial=True)
print(body)
def main():
server = A(ssl_options=ssl_ctx)
server.listen(6030, '')
io_loop = IOLoop.current()
io_loop.add_callback(main)
io_loop.start()
client端
# coding:utf-8
import socket, ssl, pprint
import os
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_ctx.load_cert_chain("keys/server.crt","keys/server.key")
ssl_sock = ssl_ctx.wrap_socket(s)
ssl_sock.connect(('localhost', 6030))
print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())
ssl_sock.write("boo!")
运行后
服务器端报错
[SSL: NO_CERTIFICATE_RETURNED] no certificate returned (_ssl.c:590)
客户端也报错
[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:590)
我想做的是ssl双向认证