TLS/SSL和PyMongo
import ssl
import pymongo
from pprint import pprint
from pymongo import ReadPreference
from pymongo.errors import BulkWriteError
from pymongo import MongoClient
# NOTE(review): the ssl_* option names used throughout this page are the
# PyMongo 3.x spellings. PyMongo 3.9 introduced tls* equivalents (tls,
# tlsAllowInvalidCertificates, tlsCAFile, tlsCRLFile, tlsCertificateKeyFile,
# tlsCertificateKeyFilePassword) and PyMongo 4.0 removed the ssl_* forms
# other than `ssl` itself -- confirm against the installed driver version.

# Enable TLS with a keyword argument ...
client = pymongo.MongoClient('example.com', ssl=True)
# ... or with the equivalent option in the connection URI.
client = pymongo.MongoClient('mongodb://example.com/?ssl=true')

# -----------------------------------------------------------------------------
# Certificate verification policy
#
# By default PyMongo requires a certificate from the server whenever TLS is
# enabled. The ssl_cert_reqs option controls this; passing ssl.CERT_NONE as a
# keyword argument switches the requirement off.
#
# NOTE(review): with CERT_NONE the server's identity is never checked, so the
# link is encrypted but unauthenticated and anyone on the network path can
# stand in for the server. Keep this to disposable test setups; for a
# self-signed deployment, trust its CA with ssl_ca_certs (next section)
# rather than turning verification off.
client = pymongo.MongoClient(
    'example.com',
    ssl=True,
    ssl_cert_reqs=ssl.CERT_NONE,
)
# Same setting expressed in the URI.
uri = 'mongodb://example.com/?ssl=true&ssl_cert_reqs=CERT_NONE'
client = pymongo.MongoClient(uri)

# -----------------------------------------------------------------------------
# Specifying a CA file
#
# Sometimes PyMongo should trust one specific set of CA certificates; the most
# common case is a server that uses a "self-signed" certificate. The
# ssl_ca_certs option takes the path to the CA file and can be passed as a
# keyword argument. Verification stays on; only the trust anchor changes.
client = pymongo.MongoClient(
    'example.com',
    ssl=True,
    ssl_ca_certs='/path/to/ca.pem',
)
# Same as above, via the URI.
uri = 'mongodb://example.com/?ssl=true&ssl_ca_certs=/path/to/ca.pem'
client = pymongo.MongoClient(uri)

# -----------------------------------------------------------------------------
# Specifying a certificate revocation list
#
# ssl_crlfile points at a CRL file, given either as a keyword argument or in
# the URI. The file is a static snapshot, so it only helps if it is refreshed
# whenever the CA publishes a new list.
client = pymongo.MongoClient(
    'example.com',
    ssl=True,
    ssl_crlfile='/path/to/crl.pem',
)
uri = 'mongodb://example.com/?ssl=true&ssl_crlfile=/path/to/crl.pem'
client = pymongo.MongoClient(uri)

# -----------------------------------------------------------------------------
# Client certificates
#
# PyMongo can present a client certificate through the ssl_certfile option.
client = pymongo.MongoClient(
    'example.com',
    ssl=True,
    ssl_certfile='/path/to/client.pem',
)
# If the certificate's private key lives in a separate file, name it with
# ssl_keyfile. The key file should be readable only by the account that runs
# the client.
client = pymongo.MongoClient(
    'example.com',
    ssl=True,
    ssl_certfile='/path/to/client.pem',
    ssl_keyfile='/path/to/key.pem',
)
# Python 2.7.9+ (pypy 2.5.1+) and 3.3+ can take a password or passphrase to
# decrypt an encrypted private key; pass it with ssl_pem_passphrase.
# <passphrase> below is a placeholder, which is why the example is left
# commented out. Read the real value from the environment or a secret store
# instead of writing it into source, and keep it out of connection URIs,
# which tend to end up in logs.
#
# client = pymongo.MongoClient(
#     'example.com',
#     ssl=True,
#     ssl_certfile='/path/to/client.pem',
#     ssl_keyfile='/path/to/key.pem',
#     ssl_pem_passphrase=<passphrase>)