server端代码如下:
#! /usr/bin/env python
# coding:utf-8
from SocketServer import TCPServer, ThreadingMixIn, StreamRequestHandler,BaseRequestHandler,ThreadingTCPServer
from utility.daemon import Daemon
import ConfigParser
import os
import sys
import ssl
dir_path = os.path.dirname(__file__) # 获得运行程序的目录路径;
configfile = os.path.join(dir_path, 'config.ini') #获得配置文件的绝对路径
#获得证书的绝对路径:
cacrtf = os.path.join(dir_path,'ssl/ca.crt') #根证书
certf = os.path.join(dir_path,'ssl/server.crt') #服务器证书
keyf = os.path.join(dir_path,'ssl/server.key') #服务器私钥
"""
在服务器端,ca_certs选项是用于验证客户端的证书。(如果CERT_REQUIRED将True,服务器将向客户提供其证书)。
事实上,在CA的证书ca_certs不发送给客户。服务器将只发送自己的证书给客户。
"""
class ReadConfig:
"""
读取config.ini里面的配置信息
"""
def __init__(self, configfile=''):
self.configfile = configfile
self.config = ConfigParser.ConfigParser()
self.config.read(self.configfile)
def get_node_log(self):
"""
:return: 获得cdn日志运行日志路径
"""
node_log = self.config.get('logfile', 'node_agent_log')
return node_log
def get_node_err(self):
"""
:return:获得cdn错误日志路径
"""
node_err_log = self.config.get('logfile', 'node_agent_error')
return node_err_log
def get_node_pid(self):
"""
:return:获得cdn进程pid的路径
"""
node_pid = self.config.get('logfile','node_pid')
return node_pid
def get_listen_ip(self):
"""
:return:获得本地监听的ip地址
"""
listen_ip = self.config.get('listen_ip','ip')
return listen_ip
def get_listen_port(self):
"""
:return:获取本地监听的ip 和 端口号
"""
listen_port = self.config.get('listen_ip','port')
return listen_port
class MyServer(BaseRequestHandler):
def setup(self):
pass
def handle(self):
print self.request, self.client_address, self.server
conn = self.request
conn.sendall('连接成功..........')
def finish(self):
pass
class MySSL_TCPServer(TCPServer):
def __init__(self,
server_address,
RequestHandlerClass,
certfile,
keyfile,
ca_certs,
bind_and_activate=True):
TCPServer.__init__(self, server_address, RequestHandlerClass, bind_and_activate)
self.certfile = certfile
self.keyfile = keyfile
self.ca_certs = ca_certs
def get_request(self):
newsocket,fromaddr = self.socket.accept()
connstream = ssl.wrap_socket(newsocket,
server_side=True,
certfile=self.certfile,
keyfile=self.keyfile,
ca_certs=self.ca_certs)
return connstream, fromaddr
class MySSL_ThreadingTCPServer(ThreadingMixIn, MySSL_TCPServer): pass
class testHandler(StreamRequestHandler):
def handle(self):
print 'Now connect form ',self.client_address[0]
while True:
recv_data=self.request.recv(1024)
if not recv_data:
continue
else:
if recv_data == 'hello':
self.wfile.write('hello.....python')
elif recv_data == 'exit':
self.wfile.write('exit.....')
# data = self.connection.recv(4096)
# self.wfile.write(data+'server node')
class DaemonMon(Daemon):
def run(self):
# rc = ReadConfig(configfile)
# ip = rc.get_listen_ip()
# port = rc.get_listen_port()
MySSL_ThreadingTCPServer(('%s'%ip,int(port)),testHandler,certf,keyf,cacrtf).serve_forever()
**# #测试node_agent
# rc = ReadConfig(configfile)
# ip = rc.get_listen_ip()
# port = rc.get_listen_port()
#
# #MySSL_ThreadingTCPServer(('%s'%ip,int(port)),testHandler,certf,keyf,cacrtf).serve_forever()**
if __name__ == '__main__':
rc = ReadConfig(configfile)
node_log = rc.get_node_log()
node_err = rc.get_node_err()
node_agent_pid = rc.get_node_pid()
ip = rc.get_listen_ip()
port = rc.get_listen_port()
daemon = DaemonMon(node_agent_pid,stdout=node_log,stderr=node_err)
if len(sys.argv) == 2:
if 'start' == sys.argv[1]:
daemon.start()
elif 'stop' == sys.argv[1]:
daemon.stop()
elif 'restart' == sys.argv[1]:
daemon.restart()
else:
print "Unknown command"
sys.exit(2)
sys.exit(0)
else:
print "usage: %s start|stop|restart" % sys.argv[0]
sys.exit(2)
client端代码:
#! /usr/bin/env python
# coding:utf-8
import os
import socket
import ssl
import sys
dir_path = os.path.dirname(__file__) # 获得运行程序的目录路径;
configfile = os.path.join(dir_path, 'config.ini') #获得配置文件的绝对路径
#获得证书的绝对路径:
cacrtf = os.path.join(dir_path,'ssl/ca.crt') #根证书
certf = os.path.join(dir_path,'ssl/server.crt') #服务器证书
keyf = os.path.join(dir_path,'ssl/server.key') #服务器私钥
Tag = True
if len(sys.argv) < 2:
print 'input error'
sys.exit(2)
else:
your_input = sys.argv[1]
print '你的输入为: %s' % your_input
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(s, ca_certs=cacrtf, cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(('192.168.2.42',9999))
ssl_sock.send(your_input)
print ssl_sock.recv(4096)
ssl_sock.close()
出现问题:
如果把server端的代码不以daemon形式运行,而是以:MySSL_ThreadingTCPServer(('%s'%ip,int(port)),testHandler,certf,keyf,cacrtf).serve_forever()
形式启动,client端可以连接上去,运行没有任何问题!
但是如果server脚本以daemon方式启动,server端运行程序没有任何问题,端口也可以启动正常,但是client连接上去后,回报错:
Traceback (most recent call last):
File "./client_ssl.py", line 35, in
ssl_sock.connect(('192.168.2.42',9999))
File "/usr/lib64/python2.6/ssl.py", line 295, in connect
self.do_handshake()
File "/usr/lib64/python2.6/ssl.py", line 279, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [Errno 8] _ssl.c:492: EOF occurred in violation of protocol
截图如下:
server端:
client报错情况:
应该不是证书路径问题,用daemon启动后,端口是正常的:
会不会是因为daemon的时候证书路径出问题了,直接nc 127.0.0.1 9999连上去试试,或者直接写成绝对路径试试。