python2 python3 通信_Python3+ssl实现加密通信

一、说明

1. python标准库ssl可实现加密通信

2. ssl库底层使用openssl，做了面向对像化改造和简化，但还是可以明显看出openssl的痕迹

3. 本文先给出python实现的socket通信，在此基础上再给出ssl通信以便读者更方便地看到socket和ssl在python编程中的区别

4. 说到ssl很多人都会想到https，但本质而言ssl是在传输层和应用层之间新插入的一个层，根据不同层无关原则ssl和https并没有任何绑定关系，ssl之上完全可以是其他任何应用层协议（比如pop/imap/telnet等等）

二、程序实现

2.1 socket通信实现

客户端代码：

importsocketclassclient_class:defsend_hello(self):#与服务端建立连接

client_socket =socket.socket(socket.AF_INET,socket.SOCK_STREAM)

client_socket.connect(('127.0.0.1',9999))#向服务端发送消息

msg = "do i connect with server ?".encode("utf-8")

client_socket.send(msg)#接收服务端返回的消息

msg = client_socket.recv(1024).decode('utf-8')print(f"receive msg from server : {msg}")

client_socket.close()if __name__ == "__main__":

client=client_class()

client.send_hello()

服务端代码：

importsocketclassserver_class :defbuild_listen(self):#监听端口

server_socket =socket.socket(socket.AF_INET,socket.SOCK_STREAM)

server_socket.bind(('127.0.0.1',9999))

server_socket.listen(5)whileTrue:#接收客户端连接

client_socket, addr =server_socket.accept()#接收客户端信息

msg = client_socket.recv(1024).decode("utf-8")print(f"receive msg from client {addr}：{msg}")#向客户端发送信息

msg = f"yes , you have client_socketect with server.\r\n".encode("utf-8")

client_socket.send(msg)

client_socket.close()if __name__ == "__main__":

server=server_class()

server.build_listen()

2.2 ssl通信实现

客户端代码：

importsocketimportsslclassclient_ssl:defsend_hello(self,):#生成SSL上下文

context =ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)#加载信任根证书

context.load_verify_locations('cert/ca.crt')#与服务端建立socket连接

with socket.create_connection(('127.0.0.1', 9443)) as sock:#将socket打包成SSL socket

#一定要注意的是这里的server_hostname不是指服务端IP，而是指服务端证书中设置的CN，我这里正好设置成127.0.1而已

with context.wrap_socket(sock, server_hostname='127.0.0.1') as ssock:#向服务端发送信息

msg = "do i connect with server ?".encode("utf-8")

ssock.send(msg)#接收服务端返回的信息

msg = ssock.recv(1024).decode("utf-8")print(f"receive msg from server : {msg}")

ssock.close()if __name__ == "__main__":

client=client_ssl()

client.send_hello()

服务端代码：

importsocketimportsslclassserver_ssl:defbuild_listen(self):#生成SSL上下文

context =ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)#加载服务器所用证书和私钥

context.load_cert_chain('cert/server.crt', 'cert/server_rsa_private.pem.unsecure')#监听端口

with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as sock:

sock.bind(('127.0.0.1', 9443))

sock.listen(5)#将socket打包成SSL socket

with context.wrap_socket(sock, server_side=True) as ssock:whileTrue:#接收客户端连接

client_socket, addr =ssock.accept()#接收客户端信息

msg = client_socket.recv(1024).decode("utf-8")print(f"receive msg from client {addr}：{msg}")#向客户端发送信息

msg = f"yes , you have client_socketect with server.\r\n".encode("utf-8")

client_socket.send(msg)

client_socket.close()if __name__ == "__main__":

server=server_ssl()

server.build_listen()

三、运行结果

3.1 socket通信运行结果

客户端：

服务端：

3.2 ssl通信运行结果

客户端：

服务端：

参考：