2 SSL certificates in twisted

梦想与她 submitted on 2019-12-02 06:59:10

TLS works with HTTP to support multiple hostnames in one of two ways: either by using a single certificate that contains all of those hostnames (for example, as subjectAltName extensions) or by using multiple certificates (each with fewer than the complete set of hostnames) and the SNI TLS extension.

If you want to use the former solution, all you need to do is acquire correctly constructed certificates. How you do this probably depends on where you're getting your certificates from. Perhaps the certificate vendor has a special user interface for this or perhaps the certificate request generator you're using has options that control it.

If you want to use the latter solution, investigate txSNI:

from txsni.snimap import SNIMap
from txsni.tlsendpoint import TLSEndpoint

from twisted.web.server import Site
from twisted.web.static import Data
from twisted.internet import reactor
from twisted.internet.ssl import Certificate, KeyPair, PrivateCertificate
from twisted.internet.endpoints import serverFromString

def main(reactor):
    root = Data(b"", "text/plain")
    site = Site(root)

    def load(key_path, cert_path):
        # Read the PEM-encoded private key and its certificate, then pair them.
        with open(key_path) as key_file:
            key = KeyPair.loadPEM(key_file.read())

        with open(cert_path) as cert_file:
            cert = Certificate.loadPEM(cert_file.read())

        return PrivateCertificate.fromCertificateAndKeyPair(cert, key)

    # Map each SNI hostname to the TLS options built from its certificate.
    # another_key and another_cert stand for that host's key and certificate paths.
    snimap = SNIMap({
        "DEFAULT": load('/etc/apache2/ssl/wc.key', '/etc/apache2/ssl/wc.crt').options(),
        "another.host.name": load(another_key, another_cert).options(),
        # ...
    })

    # Wrap the plain TCP endpoint in TLS; snimap supplies the certificate per connection.
    endpoint = TLSEndpoint(serverFromString(reactor, "tcp:80"), snimap)
    endpoint.listen(site)

    reactor.run()

main(reactor)
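
With either approach, a client only accepts the connection if the certificate it is served lists the hostname it asked for. The following check is an added example, not part of the original answer or of txSNI: it audits a map shaped like the one above against the hostnames you intend to serve. The SAN lists and hostnames are constructed sample data, and it assumes a name with no entry of its own is served the "DEFAULT" certificate.

```python
# Added example: the SAN lists below are constructed, not read from real certificates.

def san_matches(pattern, hostname):
    """Match a dNSName SAN against a hostname.

    A '*' is honoured only as the entire left-most label, stands for exactly
    one label, and must be followed by at least two fixed labels.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covered(sans, hostname):
    """True if any SAN in the certificate covers the hostname."""
    return any(san_matches(s, hostname) for s in sans)


def audit(sni_map, hostnames):
    """Return {hostname: (entry_served, certificate_covers_hostname)}.

    sni_map maps an SNI name (or "DEFAULT") to the SAN dNSNames of the
    certificate configured for it. Assumption: names without their own
    entry receive the "DEFAULT" certificate.
    """
    report = {}
    for name in hostnames:
        entry = name if name in sni_map else "DEFAULT"
        report[name] = (entry, covered(sni_map.get(entry, []), name))
    return report


# Constructed data: a wildcard default certificate plus one named host.
SNI_MAP = {
    "DEFAULT": ["*.example.org", "example.org"],
    "another.host.name": ["another.host.name"],
}
HOSTNAMES = ["www.example.org", "example.org", "a.b.example.org",
             "another.host.name", "other.example.net"]

if __name__ == "__main__":
    for host, (entry, ok) in audit(SNI_MAP, HOSTNAMES).items():
        print(f"{host:20} -> {entry:18} {'ok' if ok else 'MISMATCH'}")
```

For real certificates, the SAN list can be read with `openssl x509 -in cert.pem -noout -ext subjectAltName`.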