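def create_secure_socket(self, cert_dir, host='localhost', port=8001):
    """Create the TLS server socket and bind it to ``(host, port)``.

    The server certificate pair ``KnowledgeManagement.crt`` /
    ``KnowledgeManagement.key`` is loaded from ``cert_dir`` after
    ``self.generate_server_self_cert(cert_dir)`` has run. The socket is
    bound but ``listen()`` is not called here.

    Args:
        cert_dir: Directory holding (or receiving) the server cert and key.
        host: Interface to bind to.
        port: TCP port to bind to.

    Returns:
        The bound ``ssl.SSLSocket`` wrapping the server socket.

    Raises:
        OSError: If the certificate files cannot be read or the bind fails
            (``ssl.SSLError`` is a subclass of ``OSError``).
    """
    # Server-only context: negotiates the highest TLS version both peers
    # support and cannot be reused for client-side sockets by accident.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

    # CERT_OPTIONAL asks the client for a certificate but still accepts
    # clients that present none; ssl.CERT_REQUIRED is more secure.
    # NOTE(review): code that relies on client identity has to check
    # getpeercert() itself, because an anonymous peer passes the handshake.
    context.verify_mode = ssl.CERT_OPTIONAL
    # Hostname verification on certs (not wanted for now).
    context.check_hostname = False
    # Trust anchors for client certificates come from the platform's default
    # CA store (CLIENT_AUTH purpose is required for a server socket).
    # NOTE(review): that accepts a client cert issued by any CA in that
    # store; a dedicated CA file would narrow this - confirm intent.
    context.load_default_certs(purpose=ssl.Purpose.CLIENT_AUTH)

    # Defined elsewhere; presumably writes the self-signed pair loaded below.
    # NOTE(review): confirm the .key file is created with owner-only access.
    self.generate_server_self_cert(cert_dir)
    context.load_cert_chain(
        join(cert_dir, "KnowledgeManagement.crt"),
        keyfile=join(cert_dir, "KnowledgeManagement.key"),
    )

    # Create the secure socket that will be listening for connections.
    # NOTE(review): the original comment here said the SSL handshake is NOT
    # performed upon connection, but wrap_socket() is called with its
    # default do_handshake_on_connect=True, so accept() on the returned
    # socket performs the handshake - confirm which behaviour is intended.
    self.server_proc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    self.server_proc.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # NOTE(review): wrap_socket() detaches the plain socket object, so
    # self.server_proc no longer owns the descriptor afterwards; the
    # returned SSLSocket is the object that must be closed.
    secure_socket = context.wrap_socket(self.server_proc, server_side=True)
    try:
        secure_socket.bind((host, port))
    except Exception:
        # Do not leak the descriptor when the address is unavailable.
        secure_socket.close()
        raise
    print("SSL Server started on {}:{}".format(host, port))

    # A separate plain negotiation socket on port + 1 was sketched here in
    # commented-out code and is currently disabled.
    self.is_listening = True
    return secure_socket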