Python中的SSLSocket密码

Python中的SSLSocket密码

本文介绍了Python中的SSLSocket密码/密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我一直在考虑为我的某个应用程序制作iOS推送通知服务。它有一个Python 2.7后端,所以我想用Python而不是PHP(或其他任何东西)来做。

I've been looking into making an iOS push notification service for one of my apps lately. It has a Python 2.7 backend so I wanted to do it in Python rather than PHP (or anything else).

我有代码发送通知和设备接收它,但是每次我运行代码时它都会要求我手动输入PEM文件的密码短语。

I've got code that sends a notification and the device receives it, however every time I run the code it asks me to manually enter a 'pass phrase' for the PEM file.

这不太理想,因为我想要这个要在服务器上自动完成,当需要发送通知时,它应该发送它。我在Python 2.7的文档中找不到任何允许我在连接时自动设置密码的密码短语。

This is not ideal, as I want this to be all automated on the server, when it needs to send a notification, it should just send it. I can't find anything in the docs for Python 2.7 that allow me to automatically set the pass phrase from a variable when connecting.

如果有人知道如何在Python 2.7或任何其他想法我将非常感激。

If anyone knows how to do this in Python 2.7 or any other ideas I would be really grateful.

这是一段代码:

certfile = 'devPEM.pem'
apns_address = ('gateway.sandbox.push.apple.com', 2195)

s = socket.socket()
sock = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, certfile=certfile)
sock.connect(apns_address)

提前致谢。

推荐答案

所以BorrajaX建议的答案是不设置提示时密钥的密码。但是这是不可能的(至少在我的Mac上)要密码至少4个字符。

So the answer as BorrajaX suggested was to not set a password for the key when prompted. However this is not possible as (at least on my Mac) wants the password to be a minimum 4 characters.

解决这个问题的步骤是:

The steps to fix this are:


  1. 在开发人员门户中创建证书。

  2. 在Keychain Access中本地下载并打开证书

  3. 将证书的私钥从Keychain Access导出为.p12文件(我将其命名为aps_key.p12)。

  4. 在.p12键上运行以下命令:

    openssl pkcs12 -nocerts -out aps_key.pem -in aps_key.p12

  5. 输入密码(我们会在一分钟内剥离。

  6. 运行以下内容以删除密码:

    openssl rsa -in aps_key.pem -out new_aps_key.pem

  7. 将从开发人员中心下载的.cer转换为.pem文件:

    openssl x509 -in aps.cer -inform der -out aps.pem

  8. 使用以下内容合并密钥和证书.pem文件:

    cat aps.pem new_aps_ key.pem> final_aps.pem

  9. 您现在可以删除所有其他文件, final_aps.pem 除外。

  1. Create the certificate in the developer portal.
  2. Download and open the certificate locally in Keychain Access
  3. Export the certificate’s private key as a .p12 file from Keychain Access (I named it aps_key.p12).
  4. Run the following on the .p12 key:
    openssl pkcs12 -nocerts -out aps_key.pem -in aps_key.p12
  5. Enter a password (which we will strip in a minute).
  6. Run the following to strip the password:
    openssl rsa -in aps_key.pem -out new_aps_key.pem
  7. Convert the .cer downloaded from the Developer Center to a .pem file:
    openssl x509 -in aps.cer -inform der -out aps.pem
  8. Merge the key and certificate .pem files with the following:
    cat aps.pem new_aps_key.pem > final_aps.pem
  9. You can now delete all other files, except for final_aps.pem.

final_aps.pem 文件然后使用上面的代码而不会被提示输入密码/密码短语。

The final_aps.pem file then works with the code above without getting prompted for a password/pass phrase.

这是一个有用的网站,我找到了从.pem文件中删除密码的代码:

This is a useful website where I found the code for removing the password from the .pem file: http://www.sslshopper.com/article-most-common-openssl-commands.html

编辑:如果您不需要同一文件中的证书和密钥,则可以忽略步骤8并使用 aps.pem new_aps_key.pem files。

If you don't need the certificate and the key in the same file, you can just ignore step 8 and use the aps.pem and new_aps_key.pem files.

这篇关于Python中的SSLSocket密码/密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-05 19:51