from httplib import HTTPSConnection
import urllib2
import socket
import ssl
 
class VerifiedHTTPSConnection(HTTPSConnection):
        '''
        Modified version of the httplib.HTTPSConnection class that forces server
        certificate validation
        '''
        def __init__(self, host, port=None, key_file=None, cert_file=None,
                strict=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, source_address=None,
                ca_file=None):
                        HTTPSConnection.__init__(self, host, port, key_file,
                                cert_file, strict, timeout, source_address)
 
                        self.ca_file = ca_file
 
        def connect(self):
                sock = socket.create_connection(
                        (self.host, self.port),
                        self.timeout, self.source_address
                )
 
                if self._tunnel_host:
                        self.sock = sock
                        self._tunnel()
 
                if (None != self.ca_file):
                        # Wrap the socket using verification with the root certs, note the hardcoded path
                        self.sock = ssl.wrap_socket(
                                sock,
                                self.key_file,
                                self.cert_file,
                                cert_reqs = ssl.CERT_REQUIRED, # NEW: Require certificate validation
                                ca_certs = self.ca_file # NEW: Path to trusted CA file
                        )
                else:
                        self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
 
class VerifiedHTTPSHandler(urllib2.HTTPSHandler):
        '''
        Modified version of the urllib2.HTTPSHandler class that uses the
        VerifiedHTTPSConnection HTTPSConnection class
        '''
        def __init__(self, debuglevel=0, key_file=None, cert_file=None, ca_file=None):
                urllib2.HTTPSHandler.__init__(self, debuglevel)
                self.key_file = key_file
                self.cert_file = cert_file
                self.ca_file = ca_file
 
        def https_open(self, req):
                return self.do_open(self.get_connection, req)
 
        def get_connection(self, host, timeout = socket._GLOBAL_DEFAULT_TIMEOUT):
                return VerifiedHTTPSConnection(host, timeout = timeout, ca_file = self.ca_file)
 
def main():
        # ca_file needs to be a PEM-formatted listing of certificate roots
        # See http://curl.haxx.se/ca/cacert.pem for an example
        # Or https://raw.github.com/Caligatio/nss-root-converter/master/nss-coverter-py27.py
        opener = urllib2.build_opener(VerifiedHTTPSHandler(ca_file = 'cacert.pem'))
        urllib2.install_opener(opener)
        request = urllib2.Request('https://www.google.com')
        sock = urllib2.urlopen(request)
        data = sock.read()
        print(data)
 
if ('__main__' == __name__):
        main()
#//python/4445

回复 "Certificate validating HTTPSHandler class, Verifie"

这儿你可以回复上面这条便签

作者你的名字是？

标题给你的便签一个标题。

语言你的便签是以

你的便签在这儿输入便签内容

from httplib import HTTPSConnection
import urllib2
import socket
import ssl

class VerifiedHTTPSConnection(HTTPSConnection):
	'''
	Modified version of the httplib.HTTPSConnection class that forces server
	certificate validation
	'''
	def __init__(self, host, port=None, key_file=None, cert_file=None,
		strict=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, source_address=None,
		ca_file=None):
			HTTPSConnection.__init__(self, host, port, key_file,
				cert_file, strict, timeout, source_address)

self.ca_file = ca_file

def connect(self):
		sock = socket.create_connection(
			(self.host, self.port),
			self.timeout, self.source_address
		)

if self._tunnel_host:
			self.sock = sock
			self._tunnel()

if (None != self.ca_file):
			# Wrap the socket using verification with the root certs, note the hardcoded path
			self.sock = ssl.wrap_socket(
				sock,
				self.key_file,
				self.cert_file,
				cert_reqs = ssl.CERT_REQUIRED, # NEW: Require certificate validation
				ca_certs = self.ca_file # NEW: Path to trusted CA file
			)
		else:
			self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)

class VerifiedHTTPSHandler(urllib2.HTTPSHandler):
	'''
	Modified version of the urllib2.HTTPSHandler class that uses the
	VerifiedHTTPSConnection HTTPSConnection class
	'''
	def __init__(self, debuglevel=0, key_file=None, cert_file=None, ca_file=None):
		urllib2.HTTPSHandler.__init__(self, debuglevel)
		self.key_file = key_file
		self.cert_file = cert_file
		self.ca_file = ca_file

def https_open(self, req):
		return self.do_open(self.get_connection, req)

def get_connection(self, host, timeout = socket._GLOBAL_DEFAULT_TIMEOUT):
		return VerifiedHTTPSConnection(host, timeout = timeout, ca_file = self.ca_file)

def main():
	# ca_file needs to be a PEM-formatted listing of certificate roots
	# See http://curl.haxx.se/ca/cacert.pem for an example
	# Or https://raw.github.com/Caligatio/nss-root-converter/master/nss-coverter-py27.py
	opener = urllib2.build_opener(VerifiedHTTPSHandler(ca_file = 'cacert.pem'))
	urllib2.install_opener(opener)
	request = urllib2.Request('https://www.google.com')
	sock = urllib2.urlopen(request)
	data = sock.read()
	print(data)

if ('__main__' == __name__):
	main()
#//python/4445

创建短链接创建一个较短的URL，连接到这个便签

私人私人便签不会显示在最近列表中

保存期限我们应该什么时候删除这张便签？

防滥用键入这些字符

Code666 (代码贴、代码片段)

[Python] Certificate validating HTTPSHandler class, Verifie →→→→→进入此内容的聊天室

回复 "Certificate validating HTTPSHandler class, Verifie"