bea*_*ito 5 thrift thrift-protocol
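I'm trying to understand the semantics of SSL sockets in Thrift, in particular the role of the fields ca_certs, keyfile and certfile.
On the client, keyfile is the path to the private key, which is then validated on the server side using the server-side certificate, certfile.
These fields seem reversed to me, because I would expect to see a keyfile field on the server side rather than on the client.
Is the server-side certfile really a pem (meaning a combination of the public certificate and the private key), or is it just a certificate?
What is the correct usage for authenticating the client to the server and vice versa?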
TSSLSocket Initializer
```python
def __init__(self,
             host='localhost',
             port=9090,
             validate=True,
             ca_certs=None,
             keyfile=None,
             certfile=None,
             unix_socket=None,
             ciphers=None):
    """Create SSL TSocket

    @param validate: Set to False to disable SSL certificate validation
    @type validate: bool
    @param ca_certs: Filename to the Certificate Authority pem file, possibly a
    file downloaded from: http://curl.haxx.se/ca/cacert.pem  This is passed to
    the ssl_wrap function as the 'ca_certs' parameter.
    @type ca_certs: str
    @param keyfile: The private key
    @type keyfile: str
    @param certfile: The cert file
    @type certfile: str
    @param ciphers: The cipher suites to allow. This is passed to
    the ssl_wrap function as the 'ciphers' parameter.
    @type ciphers: str

    Raises an IOError exception if validate is True and the ca_certs file is
    None, not present or unreadable.
    """
```
Server side:
```python
import ssl

from thrift.transport import TSocket


class TSSLServerSocket(TSocket.TServerSocket):
    SSL_VERSION = ssl.PROTOCOL_TLSv1

    def __init__(self,
                 host=None,
                 port=9090,
                 certfile='cert.pem',
                 unix_socket=None,
                 ciphers=None):
        ...  # body not shown in the question
```
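An added example, not part of the original question and not Thrift's own code: Python's `ssl` module, which the docstring above refers to, reads the private key from `certfile` when no `keyfile` is given, so a certfile-only setup such as the server excerpt needs a PEM holding both the key and the certificate. The check below classifies PEM text by block type and flags a file unsuited to its role; it assumes the Thrift parameters are forwarded to `ssl` unchanged, and the role names and sample PEM blocks are constructed for illustration.

```python
import re

# Header line of a PEM block, e.g. "-----BEGIN RSA PRIVATE KEY-----".
PEM_HEADER = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_contents(text):
    """Count the certificates and private keys found in PEM text."""
    labels = PEM_HEADER.findall(text)
    return {
        # Only the plain CERTIFICATE label is counted (a narrowing of this example).
        "certs": sum(1 for label in labels if label == "CERTIFICATE"),
        # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
        "keys": sum(1 for label in labels if label.endswith("PRIVATE KEY")),
    }


def check_role(role, text):
    """Return the problems with using this PEM text in the given role.

    Role names are hypothetical, chosen for this example:
      "certfile_only" - certfile passed without a keyfile (the server excerpt)
      "certfile"      - certfile passed together with a separate keyfile
      "keyfile"       - the private key file
      "ca_certs"      - trust anchors used to validate the peer's certificate
    """
    found = pem_contents(text)
    problems = []
    if role in ("certfile_only", "certfile", "ca_certs") and found["certs"] == 0:
        problems.append("no certificate found")
    if role == "certfile_only" and found["keys"] == 0:
        problems.append("no private key: ssl reads the key from certfile "
                        "when keyfile is omitted")
    if role == "keyfile" and found["keys"] != 1:
        problems.append("expected exactly one private key")
    if role == "ca_certs" and found["keys"] > 0:
        problems.append("private key in a trust bundle, which should hold "
                        "only certificates")
    return problems


# Constructed placeholder PEM blocks; the bodies are not real key material.
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for role, text in [("certfile_only", CERT), ("certfile_only", KEY + CERT),
                       ("ca_certs", CERT), ("ca_certs", KEY + CERT)]:
        print(role, pem_contents(text), check_role(role, text) or "ok")
```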