python客户端无法将密钥文件传递给wrap_socket（）_Python_Ssl

python客户端无法将密钥文件传递给wrap_socket（）

python ssl

python客户端无法将密钥文件传递给wrap_socket（）,python,ssl,Python,Ssl,我有一个用C编写的SSL套接字服务器，托管在运行RHEL的AWS实例上。服务器目前正在使用自签名证书，我正在尝试连接python客户端。当我尝试指定要使用的公钥时，出现以下错误： TypeError: wrap_socket() got an unexpected keyword argument 'keyfile' 最简单的客户端代码是： #!/bin/python import socket import ssl #Host is the public domain name of an

我有一个用C编写的SSL套接字服务器，托管在运行RHEL的AWS实例上。服务器目前正在使用自签名证书，我正在尝试连接python客户端。当我尝试指定要使用的公钥时，出现以下错误：

TypeError: wrap_socket() got an unexpected keyword argument 'keyfile'

最简单的客户端代码是：

#!/bin/python

import socket
import ssl
#Host is the public domain name of an AWS instance
HOST = "some.host.amazonaws.com"
#Create context
con = ssl.create_default_context()
#Wrap socket with ssl context
soc = con.wrap_socket(socket.socket(socket.AF_INET), keyfile="pubkey.pem", server_hostname = HOST)
#connect to host
soc.connect((HOST, 8615))
#Get and print the host cert
cert = soc.getpeercert()
pprint.pprint(cert)

在python文档中，它说我可以指定keyfile/certfile，所以我不明白为什么会失败

如果我删除keyfile=pubkey.pem，则它无法验证证书：

ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

我不相信它是服务器，因为我运行了s_client并获得以下输出：

CONNECTED(00000003)
depth=0 /C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/emailAddress=admin@psd-it.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/emailAddress=admin@psd-it.com
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/emailAddress=admin@psd-it.com
   i:/C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/emailAddress=admin@psd-it.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF5DCCA8wCCQCX0+FHHC2zZjANBgkqhkiG9w0BAQUFADCBszELMAkGA1UEBhMC
QVUxETAPBgNVBAgMCFZpY3RvcmlhMQ8wDQYDVQQHDAZTeWRuZXkxDzANBgNVBAoM
BnBzZC1pdDELMAkGA1UECwwCSVQxPzA9BgNVBAMMNmVjMi01NC0yMDYtMTMtMTgy
LmFwLXNvdXRoZWFzdC0yLmNvbXB1dGUuYW1hem9uYXdzLmNvbTEhMB8GCSqGSIb3
DQEJARYSdHJpc3RhbkBwc2QtaXQuY29tMB4XDTE3MDExNzA5MTIxOFoXDTE4MDEx
NzA5MTIxOFowgbMxCzAJBgNVBAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTEPMA0G
A1UEBwwGU3lkbmV5MQ8wDQYDVQQKDAZwc2QtaXQxCzAJBgNVBAsMAklUMT8wPQYD
VQQDDDZlYzItNTQtMjA2LTEzLTE4Mi5hcC1zb3V0aGVhc3QtMi5jb21wdXRlLmFt
YXpvbmF3cy5jb20xITAfBgkqhkiG9w0BCQEWEnRyaXN0YW5AcHNkLWl0LmNvbTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALWfyQ6aOEoZ3mq1iwBXfdoh
TrFcv3shoCmCUJ4tdahaez4z81nDp8LNpqNPY+N3Ux18vEElNz49jXA/MGTXnSgE
1SCSfUHcGnK+AlR2uXIYjbqD3AmJ7nQBPqJ1NEdMzm2iYVpG38NAfFYTH3uwhef3
Wxkc6Vus5DV6lx+9iOLAyspuicmrthfW9AJV/+bxX8Ewo4pDcQ8y9oZmcPqu9EBK
4noLEXKcS/w+iCgYAve65E7JQWJiLHeVM16sHfTBBzyr98Qc8HhNTOCaQ7iQ4VGW
VltIlV5Uu+bBQCckeRoARVLpLYEEvS8J9sictrw4G9fIEgTxDE4zwQZymDLo65jj
LulGZJ3rc7kQbj23Ycn99R2+jvgqJcJ2GMo6kjmvCg5i/cIE703DDF/QaZXHDJKb
S/g5eMaXskBURlmGTH8xnbETJ7d46pyzDZQzTI2qVa41qxROqTYN3CUM4eLY1vUc
iK7gNvmM6dxqsB6qrdQwqTfESbm4R1dvqGhsvhyLc+SGMTLmTHZFgMs2KJkblSRM
2rs7uP9mwkkJNz6IF57ek0WZX6x+vlC1akJMjhwx1hf3LL+cmzOV2lPvMc8hwgg0
8zwAxwdWgPd1W7hfW+OZ8JmErsChkT4Ogc1ZG/j+jyVY6hiwxyJVc3ej1ml/eMmX
jtwf64TwWp7G9nxaBcUlAgMBAAEwDQYJKoZIhvcNAQEFBQADggIBACVYBVAXihWK
0QJ3EHVixT/HVByVAvowgEJLZLtI6MpJBC93a6HT67KvDc8blXgqgSfm08B0ynzX
P5Roav5+JAHKlnM9glaPdto13ULhIYxmtSycuoInxBAII5Pfm3DZHO/Sj/oNx6+1
hHR5wgfP5sjbUon2lh5BRJs8B0dhDjBPbX3D2UcNOhUWBYfVxUoyyqDBAJi7Ephz
7E6XRZqLFdJluWd7FH3DkbKRkY8yPKPBmIz62lEFc097U6TTl56HMiCrLTcKNzrm
LmQhkhjsqML5UIGUt4M2bmqmoRn/vqzeVBbMjb/eNtudOjQm2pfIX8L8r3daJbyY
96MFXqiyBe+kCV3GrKE+UWXpcyFaQi293piD6G1OyVmlb69fBQGsnVK2yCJcDcbG
/q7gy1olNhChRzr244Fv4HK5jrh+yBnmAuSyxhyuC3OthQJTCfFOVcciv+rOYPjV
6CQn5KLNta8MVr7C/jwQfNGY3GbHCTgI1elhI0TfqmXzCF1g60Hhjq6lj8KIUI0g
tyu7UQv3MqUxQ3eR76QYfYrupZAecfTdpIflgtd4Mgv8tc+YFOf3hUKCKRw1Zo1/
FZbK5PuqcEF8Wo2NH8+d/pFIm9Rb5nILPvAIddYsGe/Ddjw/wJrKl2NTo3BNBlMB
sOE+5xE1MIAryL/LDrtNJsOSzB9RwFzc
-----END CERTIFICATE-----
subject=/C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/emailAddress=admin@psd-it.com
issuer=/C=AU/ST=Victoria/L=Sydney/O=psd-it/OU=IT/CN=some.host.amazonaws.com/emailAddress=admin@psd-it.com
---
No client certificate CA names sent
---
SSL handshake has read 1681 bytes and written 712 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 3D393B247FDA6BCDC933047DCC70FA60BEC8DB0D493DEB86BB15B70C0BD025BF
    Session-ID-ctx: 
    Master-Key: 61A6A039398F326940A24165EB803A49DBA7128C4C3EB23C416111B1BF4571B79BE69FBBD755CDB8E81BBB8799FC93EC
    Key-Arg   : None
    Start Time: 1484711374
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
test
read:errno=0

似乎客户端证书未发送到服务器。在创建缺少的连接时，是否有方法指定公钥

非常感谢您的帮助

TypeError:wrap_套接字获得意外的关键字参数“keyfile”

调用context.wrap\u套接字时没有keyfile参数。。。。调用ssl.wrap_套接字时有一个keyfile参数。。。。这样做的原因是，当ssl.wrap_socket。。。创建一个新的上下文

有关更多详细信息，请参阅vs..

非常感谢您的帮助。我还必须调用load\u verify\u locations/path/to/root/rootCA.pem，因为它在加载\u default\u证书时失败，即使它安装在keychain macOS中也不知道为什么，但它现在可以工作了！再次感谢：@PSD:Python没有使用MacOSX的钥匙链。