tags:

views:

81

answers:

1
+1  Q: 

Auto enter pass phrase in case of Python ssl Client/Server

I need to create Client/Server application to send files from clients to Server. I use simple ssl sockets for that and authenticate with certificates.

 
ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(ms,
                           keyfile=".../newCA/my_client.key",
                           certfile=".../newCA/my_client.crt",
                           server_side=0,
                           cert_reqs=ssl.CERT_REQUIRED,
                           ca_certs=".../newCA/CA/my-ca.crt"
                           )
ssl_sock.connect((HOST, MPORT))

And Server side:


msock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.ssl_sock = ssl.wrap_socket(msock,
                           keyfile=".../newCA/my_server.key",
                           certfile=".../newCA/my_server.crt",
                           server_side=1,
                           cert_reqs=ssl.CERT_REQUIRED,
                           ca_certs=".../newCA/CA/my-ca.crt"
                           )
        self.ssl_sock.bind(('', self.PORT))
        self.ssl_sock.listen(self.QUEUE_MAX)

The problem is the following: when client tries to connect to Server, it requires Enter the pass phrase for private key for Both: for Server-side and Client-side.

  • In Java we need to set System Property: javax.net.ssl.keyStorePassword="" and it has to be used automatically, But how is it been used in Python? I can't enter pass phrase all time the client connects.

The problem is that my Application:Client should use already signed certificate, and Server should use already signed certificate too. I can't change it. Both Serever and Clients are long-living applications, so we just run it and we no need to look for them. But, as I understand, Python doesn't provide statndard way to automatically enter pass phrase for private key. May be other suggestions?

+2  A: 

A pass phrase is meant to be entered by a human as means of identification. If you want to hardcode it, a SSL key without passphrase provides the same level of security. For getting rid of the pass phrase, see also: http://aleph-null.tv/article/20080714-1337-917.xml/Apache,-SSL,-and-&quot%3BGetting-Rid-of-the-Passphrase&quot%3B

wump  2010-05-05 09:33:12
Thanks. Please read additional sentences in my topic.
rauch  2010-05-05 10:14:53
Removing the passphrase does not change the validity of the signature of the certificate. It's a simple outer encryption layer, and can be removed without re-signing.
wump  2010-05-05 10:37:45

related questions

How do I get the external IP of a socket in Python?
How Do Sockets Work in C?
How do you send and receive UDP packets in Java on a multihomed machine?
Can't Re-bind a socket to an existing IP/Port Combination
Reading from a socket in C#
Sockets and Processes in Java
Stream data (such as music) using PHP (or another language)
How to forcibly close a socket in TIME_WAIT?
How do I make persistent network sockets on Unix in Ruby?
What's the idiomatic way to do async socket programming in Delphi?
How do you minimize the number of threads used in a tcp server application?
WSACancelBlockingCall exception
C# Performance For Proxy Server (vs C++)
How to get your own (local) IP-Address from an udp-socket (C/C++)
Free Network Monitor
Reconnect logic with connectivity notifications
Maximum buffer length for sendto?
Configure a Java Socket to fail-fast on disconnect?
Sockets in Pascal
Firefox plugin - sockets
How can I determine the IP of my router/gateway in Java?
ActionScript 3.0 sockets can't reconnect
Reverse DNS in Ruby?
Asynchronous multi-direction server-client communication over the same open socket?
How to use the C socket API in C++ on z/OS