Latest posts on tornado + ssl + crl topichttp://python.su/forum/topic/33544/2018-01-09T16:28:14+02:00Общий :: Network :: tornado + ssl + crl
2018-01-09T16:28:14+02:00buzzi188428Решено.<br/>Код объекта ssl контекста ниже:<br/><div class="code"><pre> <span class="n">ssl_ctx</span> <span class="o">=</span> <span class="n">ssl</span><span class="o">.</span><span class="n">create_default_context</span><span class="p">(</span><span class="n">ssl</span><span class="o">.</span><span class="n">Purpose</span><span class="o">.</span><span class="n">CLIENT_AUTH</span><span class="p">)</span>
<span class="n">ssl_ctx</span><span class="o">.</span><span class="n">verify_mode</span> <span class="o">=</span> <span class="n">ssl</span><span class="o">.</span><span class="n">CERT_REQUIRED</span>
<span class="n">ssl_ctx</span><span class="o">.</span><span class="n">verify_flags</span> <span class="o">=</span> <span class="n">ssl</span><span class="o">.</span><span class="n">VERIFY_CRL_CHECK_LEAF</span>
<span class="n">ssl_ctx</span><span class="o">.</span><span class="n">load_verify_locations</span><span class="p">(</span><span class="s2">"/path/to/ca_cert/ca.pem"</span><span class="p">)</span>
<span class="n">ssl_ctx</span><span class="o">.</span><span class="n">load_verify_locations</span><span class="p">(</span><span class="s2">"/path/to/ca_crl/ca.crl"</span><span class="p">)</span>
<span class="n">ssl_ctx</span><span class="o">.</span><span class="n">load_cert_chain</span><span class="p">(</span><span class="s2">"/path/to/server_cert/server.pem"</span><span class="p">,</span> <span class="s2">"/path/to/server_key/server.key"</span><span class="p">)</span>
</pre></div>
Общий :: Network :: tornado + ssl + crl
2017-09-07T18:17:10+03:00buzzi183435Делаю сервер на торнадо с ssl аутентификацией, не могу понять как подвязать СОС к объекту ssl_context. Подскажите в каком направлении двигаться, ниже код создания ssl_context объекта:<br/><br/><div class="code"><pre> <span class="n">ssl_ctx</span> <span class="o">=</span> <span class="n">ssl</span><span class="o">.</span><span class="n">create_default_context</span><span class="p">(</span><span class="n">ssl</span><span class="o">.</span><span class="n">Purpose</span><span class="o">.</span><span class="n">CLIENT_AUTH</span><span class="p">)</span>
<span class="n">ssl_ctx</span><span class="o">.</span><span class="n">verify_mode</span> <span class="o">=</span> <span class="n">ssl</span><span class="o">.</span><span class="n">CERT_REQUIRED</span>
<span class="n">ssl_ctx</span><span class="o">.</span><span class="n">load_cert_chain</span><span class="p">(</span><span class="s2">"server.pem"</span><span class="p">,</span> <span class="s2">"server.key"</span><span class="p">)</span>
<span class="n">ssl_ctx</span><span class="o">.</span><span class="n">load_verify_locations</span><span class="p">(</span><span class="s2">"ca.pem"</span><span class="p">)</span>
</pre></div>