Python中使用ssl加密

使用ssl加密传输数据

1. 首先需要使用openssl产生证书

openssl req -new -x509 -days 365 -nodes -out mycertfile.pem -keyout mykeyfile.pem

命令执行后，会在当前目录下产生两个文件。其中, mycertfile.pem可以发给一家发证机构， 它将验证您输入的凭据的真实性，
并对申请进行签名， 再把证书返还。 第二个文件的名字将是mykeyfile.pem，它包含了证书的私钥，应被全力保护；
如果它落入别人手中，则可以被用来伪造服务器。
2. 修改echoserver和echoclient支持ssl加密
把mykeyfile.pem, mycertfile.pem拷贝到服务端，和echoserver.py同一目录下

# Echo server programimport socket, sslHOST = ''                 # Symbolic name meaning all available interfacesPORT = 9980 # Arbitrary non-privileged portcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)context.load_cert_chain(certfile="mycertfile.pem", keyfile="mykeyfile.pem")s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)s.bind((HOST, PORT))s.listen(1)while True:        conn, addr = s.accept()        print('Connected by', addr)        ssl_conn = context.wrap_socket(conn, server_side=True)        while True:            data = ssl_conn.recv(1024)            print("recv data: ", repr(data))            if not data: break            ssl_conn.sendall(data)        ssl_conn.close()

把mycertfile.pem拷贝到客户端，下面是客户端代码:

# Echo client programimport socket, sslimport timeHOST = 'proxy.server.com'    # The remote hostPORT = 80 # The same port as used by the servers = socket.socket(socket.AF_INET, socket.SOCK_STREAM)s.connect((HOST, PORT))proxy_data = 'CONNECT %s:%s HTTP/1.0\n\n' % ('106.106.106.71', '9980')s.sendall(proxy_data.encode())data = s.recv(1024)print('connect result: ', repr(data))ssl_conn = ssl.wrap_socket(s, ca_certs="./mycertfile.pem", cert_reqs=ssl.CERT_REQUIRED)while True:    ssl_conn.sendall(b'hello world')    data = ssl_conn.recv(1024)    print('Received', repr(data))    time.sleep(2)ssl_conn.close()