I'm really new to networking in general and I'm trying to set up a simple exchange between a python server and client.
This is the code for the server
import socket, ssl
def do_something(connstream, data):
    """Placeholder handler for one chunk of client data.

    Only prints a marker; neither argument is used and nothing is written
    back to the connection. The result is None, which the caller treats as
    "finished with this client".
    """
    # A single parenthesised string prints the same text on Python 2 and 3.
    print("HALLO")
    return None
def deal_with_client(connstream):
    """Pass data read from connstream to do_something until either side stops.

    The loop ends when read() returns an empty (falsy) value, which is taken
    to mean the client is finished, or when do_something returns a falsy
    value.
    """
    while True:
        chunk = connstream.read()
        if not chunk:
            # null data means the client is finished with us
            break
        if not do_something(connstream, chunk):
            # a falsy result from do_something means we are finished with
            # the client
            break
    # finished with client
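# Plain TCP listener on loopback; TLS is layered on each accepted connection.
bindsocket = socket.socket()
bindsocket.bind(('127.0.0.1', 10024))
bindsocket.listen(5)

while True:
    newsocket, fromaddr = bindsocket.accept()
    print("Setting up connection")
    try:
        # wrap_socket runs the TLS handshake on an already-connected socket,
        # so a client that aborts or fails the handshake raises here. Without
        # this handler one bad client would terminate the accept loop.
        # NOTE(review): PROTOCOL_TLSv1 restricts the server to TLS 1.0 only;
        # ssl.PROTOCOL_SSLv23 negotiates the highest version both sides
        # support. Confirm which versions this interpreter's OpenSSL offers.
        connstream = ssl.wrap_socket(newsocket,
                                     server_side=True,
                                     ca_certs=None,
                                     certfile="cert.pem",
                                     keyfile="privatekey.pem",
                                     ssl_version=ssl.PROTOCOL_TLSv1)
    except socket.error as err:
        # ssl.SSLError derives from socket.error, so both handshake failures
        # and plain connection resets are reported and the socket is released.
        print("TLS handshake failed: %s" % (err,))
        newsocket.close()
        continue
    try:
        deal_with_client(connstream)
    finally:
        try:
            connstream.shutdown(socket.SHUT_RDWR)
        except socket.error:
            # Best effort: the peer may already have dropped the connection.
            pass
        connstream.close()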
Here is the code for the client.py
import socket, ssl
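# cert_reqs=ssl.CERT_REQUIRED makes the client validate the server's
# certificate, which requires a set of trusted certificates in ca_certs.
# certfile, by contrast, is this side's own certificate and must come with its
# private key, so it is not the right parameter for a trust anchor.
# Assumes cert.pem is the server's self-signed certificate - TODO confirm.
# NOTE(review): ssl.wrap_socket does not compare the certificate with the host
# name; only the chain is checked against ca_certs.
clientsocket = socket.socket()
ssl_sock = ssl.wrap_socket(clientsocket,
                           ca_certs="cert.pem",
                           cert_reqs=ssl.CERT_REQUIRED)
try:
    ssl_sock.connect(('127.0.0.1', 10024))
    print(ssl_sock.getpeername())
    print(ssl_sock.getpeercert())
    data = ssl_sock.recv(1024)
finally:
    # Release the socket even when connect() or the handshake fails.
    ssl_sock.close()
print('Received %r' % (data,))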
I generated the "cert.pem" and the "privatekey.pem" using openssl.
Traceback (most recent call last):
File "server.py", line 30, in <module>
ssl_version=ssl.PROTOCOL_TLSv1)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 344, in wrap_socket
ciphers=ciphers)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 121, in __init__
self.do_handshake()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 283, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [Errno 8] _ssl.c:499: EOF occurred in violation of protocol
I was wondering if someone who knows more could point me in the right direction. I really want to do this using SSL btw, but I would be willing to switch to TLS if that is the better approach.
It could be that the two sockets are not using compatible SSL/TLS protocol versions. Set ssl_version=ssl.PROTOCOL_TLSv1 (or a compatible version) in your client too, or remove it from the server so that both sides use the default value.
Searching online, you can find many examples of socket communication.
Related
Hello, I would like to ask how I can make a connection to extract some data from a tool server.
I wrote the code below, but I need to modify it so that it opens the tool with a username and password and extracts data from my tool server.
import socket
import ssl
# Address and port of the tool server the client connects to.
HOST = '10.74.159.82'
PORT = 31039
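def handle(conn):
    """Send a minimal HTTP/1.1 GET for "/" over conn and print the reply.

    conn is the connected TLS socket created in main(). Only the first chunk
    returned by recv() is printed.
    """
    # HTTP/1.1 header lines end in CRLF, a Host header is mandatory, and the
    # request is complete only after an empty line. A bare 'GET / HTTP/1.1\n'
    # leaves the server waiting for the rest of the headers.
    request = b''.join([
        b'GET / HTTP/1.1\r\n',
        b'Host: ', HOST.encode('ascii'), b'\r\n',
        b'Connection: close\r\n',
        b'\r\n',
    ])
    conn.sendall(request)
    print(conn.recv().decode())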
def main():
    """Open a verified TLS connection to HOST:PORT and run handle() on it."""
    # The default SERVER_AUTH context requires a certificate that chains to a
    # trusted CA and matches server_hostname.
    tls_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    raw_sock = socket.socket(socket.AF_INET)
    conn = tls_context.wrap_socket(raw_sock, server_hostname=HOST)
    try:
        # The TLS handshake, including certificate verification, happens
        # inside connect().
        conn.connect((HOST, PORT))
        handle(conn)
    finally:
        conn.close()
# Run the client only when this file is executed as a script.
if __name__ == '__main__':
    main()
RESULT
!! C:\Users\Admin\.PyCharmCE2018.1\config\venv\Scripts\python.exe!! C:/Users/Admin/.PyCharmCE2018.1/config/codestyles/Under_Building.py
Traceback (most recent call last):
File "C:/Users/Admin/.PyCharmCE2018.1/config/codestyles/Under_Building.py", line 22, in <module>
main()
File "C:/Users/Admin/.PyCharmCE2018.1/config/codestyles/Under_Building.py", line 16, in main
conn.connect((HOST, PORT))
File "C:\Users\Admin\AppData\Local\Programs\Python\Python37-32\lib\ssl.py", line 1141, in connect
self._real_connect(addr, False)
File "C:\Users\Admin\AppData\Local\Programs\Python\Python37-32\lib\ssl.py", line 1132, in _real_connect
self.do_handshake()
File "C:\Users\Admin\AppData\Local\Programs\Python\Python37-32\lib\ssl.py", line 1108, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1045)
Process finished with exit code 1
I'm a beginner, so I need to learn and would appreciate your support.
It's hard to see exactly, but it seems the server you're connecting to (on https://10.74.159.82:31039) is using a self-signed certificate (or its CA is, perhaps).
It's perhaps better to create or buy a proper (non-self-signed) certificate, but assuming this is a test server this is fine.
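So with what you have, the quickest option is to turn off certificate verification in your SSL context (and also the hostname check, which would probably fail too as you're using an IP address). Note that this accepts any certificate, not only self-signed ones, so the connection is encrypted but the server is no longer authenticated: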
# These two settings switch certificate validation off entirely: any
# certificate is accepted, so the peer's identity is not checked.
# Order matters: check_hostname has to be cleared before verify_mode is set to
# CERT_NONE, otherwise the assignment raises ValueError.
context = ssl.create_default_context()
context.check_hostname=False
context.verify_mode=ssl.CERT_NONE
# To keep verification with a self-signed or private CA, trust that
# certificate explicitly instead of disabling the check, e.g.
#   context.load_verify_locations(cafile="<path-to-server-ca.pem>")  # placeholder path
# etc...
Traceback (most recent call last):
File "ssl-common.py", line 14, in
s = ctx.wrap_socket(s, server_hostname=dst[0])
File "/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 363, in wrap_socket
_context=self)
File "/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 611, in init
self.do_handshake()
File "/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 840, in do_handshake
self._sslobj.do_handshake()
socket.error: [Errno 54] Connection reset by peer
I am getting the above errors when I try to run the below script on my Mac. I have reinstalled openssl through homebrew, as well as through pip
import socket
import ssl
import OpenSSL.crypto as crypto
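dst = ('1.2.3.4',443)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    ret = s.connect_ex(dst)
    if ret == 0:
        # Verification is switched off so that the handshake completes for any
        # certificate; the subject printed below is therefore whatever the
        # peer presented and has not been authenticated.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        # NOTE(review): server_hostname is sent as the SNI name and dst[0] is
        # an IP literal here; some servers may refuse such a handshake -
        # confirm against the target, or pass its DNS name.
        s = ctx.wrap_socket(s, server_hostname=dst[0])
        # get certificate (binary_form=True returns the DER bytes)
        cert_bin = s.getpeercert(True)
        x509 = crypto.load_certificate(crypto.FILETYPE_ASN1, cert_bin)
        print(x509.get_subject().CN)
    else:
        print("socket.connect_ex returned  %s" % (ret,))
finally:
    # s is the raw socket, or the TLS wrapper once wrap_socket succeeded;
    # closing it here releases the connection on every path.
    s.close()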
[Errno 54] Connection reset by peer
It seems like a problem with the host you are trying to connect to. Check your connectivity, for example by pinging it.
Please do check this out: What does "connection reset by peer" mean?
I have already been through these set of solutions for connecting IMAP under proxy
Information to add:
I am trying to write Python code that fetches mail from Gmail's IMAP server using imapclient from behind the HTTP, HTTPS and SOCKS proxy server of my academic institute.
When tried without any proxy handling, it used to give error
socket.error [101] network is unreachable
import imapclient
import pyzmail
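# ssl=True asks IMAPClient to connect to the server over TLS.
imapObj = imapclient.IMAPClient('imap.gmail.com',ssl=True)
try:
    # The address and password are masked on the page.
    # NOTE(review): read real credentials from a prompt or the environment
    # rather than keeping them in the script.
    imapObj.login('***********#gmail.com','*********')
    imapObj.select_folder('INBOX', readonly=True)
    UIDs = imapObj.search(['SINCE 07-Jul-2016'])
    for item in UIDs:
        rawMessages = imapObj.fetch(item, ['BODY[]', 'FLAGS'])
        message = pyzmail.PyzMessage.factory(rawMessages[item]['BODY[]'])
        # The return values below are discarded, as in the original script.
        message.get_subject()
        message.get_addresses('from')
        message.get_addresses('to')
        message.get_addresses('cc')
        message.get_addresses('bcc')
        # A message may lack a text or an HTML part; the bare comparisons in
        # the original did nothing, so decoding a missing part would raise
        # AttributeError on None.
        if message.text_part is not None:
            message.text_part.get_payload().decode(message.text_part.charset)
        if message.html_part is not None:
            message.html_part.get_payload().decode(message.html_part.charset)
finally:
    # End the session even when login, search or fetch fails.
    imapObj.logout()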
However, the process gives error as
File "mailtotext.py", line 16, in <module>
imapObj = imapclient.IMAPClient('imap.gmail.com',ssl=True)
File "/usr/local/lib/python2.7/dist-packages/imapclient/imapclient.py", line 152, in __init__
self._imap = self._create_IMAP4()
File "/usr/local/lib/python2.7/dist-packages/imapclient/imapclient.py",line 164, in _create_IMAP4
self._timeout)
File "/usr/local/lib/python2.7/dist-packages/imapclient/tls.py", line 153, in __init__
imaplib.IMAP4.__init__(self, host, port)
File "/usr/lib/python2.7/imaplib.py", line 172, in __init__
self.open(host, port)
File "/usr/local/lib/python2.7/dist-packages/imapclient/tls.py", line 158, in open
sock = socket.create_connection((host, port), self._timeout)
File "/usr/lib/python2.7/socket.py", line 571, in create_connection
raise err
socket.error: [Errno 101] Network is unreachable
I then followed the above mentioned link procedures owing to my institute proxy as http,https,socks
I have already set my system proxy settings as
# NOTE(review): all four entries point at the same host and port; confirm
# which of these protocols the proxy actually serves on 8080.
http_proxy="http://10.3.100.207:8080/"
https_proxy="https://10.3.100.207:8080/"
ftp_proxy="ftp://10.3.100.207:8080/"
socks_proxy="socks://10.3.100.207:8080/"
and edited the code as
import imapclient
import pyzmail
import socks
import socket
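# Route new connections through the institute proxy.
# NOTE(review): 8080 is the same port as the http_proxy setting; if that port
# only speaks HTTP, a SOCKS4 handshake never gets a valid reply and the
# connection can hang. Confirm the proxy type (the socks module also defines
# PROXY_TYPE_SOCKS5 and PROXY_TYPE_HTTP).
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,"10.3.100.207",8080,True)
# Replaces the socket class for the whole process, so every connection opened
# after this line goes through the proxy, not only the IMAP one.
socket.socket = socks.socksocket

# ssl=True asks IMAPClient to connect to the server over TLS.
imapObj = imapclient.IMAPClient('imap.gmail.com',ssl=True)
try:
    # The address and password are masked on the page.
    # NOTE(review): read real credentials from a prompt or the environment
    # rather than keeping them in the script.
    imapObj.login('***********#gmail.com','*********')
    imapObj.select_folder('INBOX', readonly=True)
    UIDs = imapObj.search(['SINCE 07-Jul-2016'])
    for item in UIDs:
        rawMessages = imapObj.fetch(item, ['BODY[]', 'FLAGS'])
        message = pyzmail.PyzMessage.factory(rawMessages[item]['BODY[]'])
        # The return values below are discarded, as in the original script.
        message.get_subject()
        message.get_addresses('from')
        message.get_addresses('to')
        message.get_addresses('cc')
        message.get_addresses('bcc')
        # A message may lack a text or an HTML part; the bare comparisons in
        # the original did nothing, so decoding a missing part would raise
        # AttributeError on None.
        if message.text_part is not None:
            message.text_part.get_payload().decode(message.text_part.charset)
        if message.html_part is not None:
            message.html_part.get_payload().decode(message.html_part.charset)
finally:
    # End the session even when login, search or fetch fails.
    imapObj.logout()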
But this process seems to freeze for a very long time, and I always end up having to send a keyboard interrupt. Judging by the keyboard interrupt output, it is frozen somewhere in the socket files.
Please help me through this, there are hardly solution to such problems over web. I have even tried tunneling but it isn't solving my problem or say making it worse (I might have not implemented it well :P)I would provide any other information and output if needed here
My code
I've gone over it and had a friend of mine look at it. At this point we're both stumped and would appreciate some help.
import os
import socket
import ssl
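# Ask which machine to connect to. The original read this value and then
# ignored it; an empty answer falls back to the previously hard-coded address.
HSM = raw_input('Please enter the IP address of the machine you are connecting to.').strip() or '192.168.160.128'

# Relative file names are resolved against the current working directory, not
# against the folder that holds this script, so check them up front and fail
# with a readable message.
# NOTE(review): the "SSL_CTX_use_PrivateKey_file:system lib" error in the
# traceback presumably means OpenSSL could not open or read the key file.
for pem_path in ("AKMClientPrivateKey.pem",
                 "AKMClientSignedCert.pem",
                 "TCASelfSignedCert.pem"):
    if not (os.path.isfile(pem_path) and os.access(pem_path, os.R_OK)):
        raise IOError("cannot read %s (looked in %s)" % (pem_path, os.getcwd()))

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# keyfile/certfile are this client's own identity; ca_certs is the CA used to
# validate the server, which cert_reqs=ssl.CERT_REQUIRED makes mandatory.
sslSocket = ssl.wrap_socket(sock,
                            keyfile="AKMClientPrivateKey.pem",
                            certfile="AKMClientSignedCert.pem",
                            ca_certs="TCASelfSignedCert.pem",
                            cert_reqs=ssl.CERT_REQUIRED)
sslSocket.connect((HSM, 6000))
print("Connection is successful!")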
The error I keep getting
I have all of the keys and certs I'm referencing in the same folder as my python file.
I've double checked the IP address and port.
Traceback (most recent call last):
File "connect.py", line 12, in <module>
sslSocket.connect(['192.168.160.128', 6000])
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 333, in connect
self._real_connect(addr, False)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 314, in _real_connect
self.ca_certs, self.ciphers)
ssl.SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL
routines:SSL_CTX_use_PrivateKey_file:system lib
I'm wondering if I can recv/send data on a raw socket before wrapping it - I've looked through the documentation and searched for it but couldn't find anything specific. What I basically want to do:
client, addr = listeningSocket.accept()
# Everything exchanged before wrap_socket travels in plaintext and is not
# authenticated.
# NOTE(review): recv(32) may return fewer than 32 bytes - confirm the whole
# request has arrived before replying.
client.recv(32)
client.send(b'hello')
# The socket is made non-blocking before the TLS handshake, so the handshake
# that wrap_socket runs can fail before it has completed.
client.setblocking(0)
sslSocket = ssl.wrap_socket(client, keyfile='key.pem', certfile='cert.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
sslSocket.write(b'hello')
The problem is I get an error that I'm pretty sure is related to the client.recv() before wrapping (or at least I think that's it since I do not get it before adding the recv?)
sslSocket = ssl.wrap_socket(client, keyfile='key.pem', certfile='cert.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
File "/usr/lib/python3.1/ssl.py", line 381, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib/python3.1/ssl.py", line 135, in __init__
raise x
File "/usr/lib/python3.1/ssl.py", line 131, in __init__
self.do_handshake()
File "/usr/lib/python3.1/ssl.py", line 327, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [Errno 8] _ssl.c:488: EOF occurred in violation of protocol
Is this legal? Is there anyway to do this (I really need to send before wrapping since the client expects a raw string before the SSL data starts flooding.) Appreciate any guidance possible.
Note: I need to respond to a policy request from flash. The connection with flash is going to be secure, but the policy request isn't
I notice in the documentation for do_handshake ( http://docs.python.org/library/ssl.html#ssl.SSLSocket.do_handshake ), which is called by wrap_socket (as is apparent from your callstack), that it may raise an ssl.SSLError on nonblocking sockets, and you have to wrap it in a try/except to try until it works. So in your case, if you need a nonblocking socket, you would either need to do the handshake yourself first and pass do_handshake_on_connect=False to wrap_socket, or just wait until after the handshake to set nonblocking:
client, addr = listeningSocket.accept()
# Plaintext exchange that precedes TLS; nothing here is encrypted.
client.recv(32)
client.send(b'hello')
# The socket is still blocking at this point, so wrap_socket can run the
# whole handshake before returning.
sslSocket = ssl.wrap_socket(client, keyfile='key.pem', certfile='cert.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
# NOTE(review): this is called on the original socket object rather than on
# sslSocket - confirm it has the intended effect; sslSocket.setblocking(0) is
# the unambiguous form.
client.setblocking(0)
sslSocket.write(b'hello')
or maybe:
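client, addr = listeningSocket.accept()
# Plaintext exchange that precedes TLS; nothing here is encrypted.
client.recv(32)
client.send(b'hello')
client.setblocking(0)
# Wrap first, with the automatic handshake disabled: do_handshake() is a
# method of the SSL socket, the plain socket returned by accept() has none.
sslSocket = ssl.wrap_socket(client, do_handshake_on_connect=False, keyfile='key.pem', certfile='cert.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
# Drive the handshake by hand on the non-blocking socket, waiting with
# select() whenever OpenSSL reports that it needs to read or write.
while True:
    try:
        sslSocket.do_handshake()
        break
    except ssl.SSLError as err:
        if err.args[0] == ssl.SSL_ERROR_WANT_READ:
            select.select([sslSocket], [], [])
        elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
            select.select([], [sslSocket], [])
        else:
            # Any other SSL error is a real handshake failure.
            raise
sslSocket.write(b'hello')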
Yet another alternative is just to run a dedicated Flash policy server on port 843.
I believe if you close the socket after the Flash policy request, Flash will handle this correctly and reconnect after validating the policy response.