Here you canfind an example of the use of TLS.The first and last few lines of this file
sslclient.py look completely normal: opening a socket to a remote
server, and then sending and receiving data per the protocol that the server supports. The cryptographic
protection is invoked by the few lines of code in the middle—two lines that load a certificate database
and make the TLS connection itself, and then the call to
match_hostname() that performs the crucial test
of whether we are really talking to the intended server or perhaps to an impersonator.
import os, socket, ssl, sys from backports.ssl_match_hostname import match_hostname, CertificateError try: script_name, hostname = sys.argv except ValueError: print >>sys.stderr, 'usage: sslclient.py <hostname>' sys.exit(2) # First we connect, as usual, with a socket. sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((hostname, 443)) # Next, we turn the socket over to the SSL library! ca_certs_path = os.path.join(os.path.dirname(script_name), 'certfiles.crt') sslsock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_certs_path) # Does the certificate that the server proffered *really* match the # hostname to which we are trying to connect? We need to check. try: match_hostname(sslsock.getpeercert(), hostname) except CertificateError, ce: print 'Certificate error:', str(ce) sys.exit(1) # From here on, our `sslsock` works like a normal socket. We can, for # example, make an impromptu HTTP call. sslsock.sendall('GET / HTTP/1.0\r\n\r\n') result = sslsock.makefile().read() # quick way to read until EOF sslsock.close() print 'The document https://%s/ is %d bytes long' % (hostname, len(result))
Note that the certificate database needs to be provided as a file named
certfiles.crt in the same
directory as the script.
[email protected]:~/Python_files# cat /etc/ssl/certs/* > certfiles.crt
[email protected]:~/Python_files# sslclient.py www.openssl.org The document https://www.openssl.org/ is 15941 bytes long