使用 pyopenssl 连接到 ipv6 ssl 服务器
Connecting to an ipv6 ssl server using pyopenssl
我需要使用 pyopenssl 连接到 ipv6 服务器。这可能吗?对于 ipv4,我没有任何 problem.This 是我为 ipv6 尝试过的:
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.set_verify(SSL.VERIFY_NONE, verify_cb)
ctx.use_privatekey_file (os.path.join(dir, 'client.pkey'))
ctx.use_certificate_file(os.path.join(dir, 'client.cert'))
ctx.load_verify_locations(os.path.join(dir, 'CA.cert'))
#Set up client
sock = SSL.Connection(ctx, socket.socket(socket.AF_INET6, socket.SOCK_STREAM))
sock.connect(('fe80::3a63:bbff:fe31:3013%ens32',443,0,0))
但我收到以下错误:
sock.connect(('fe80::3a63:bbff:fe31:3013%ens32',443,0,0))
File "/root/Desktop/PY/ilodos2/venv/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1455, in connect
return self._socket.connect(addr)
File "/usr/lib64/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
error: [Errno 22] Invalid argument
pyopenssl 的文档根本没有谈到 ipv6。如果 pyopenssl 不能用于 ipv6,是否有任何其他模块可以用来进行 ssl 重新协商?
问题本身与 PyOpenSSL 无关,当您使用范围(link 本地)ipv6 地址时,您需要传递正确的 scopeid as the fourth item of the address tuple:
...
For AF_INET6 address family, a four-tuple (host, port, flowinfo, scopeid) is used, where flowinfo and scopeid represent the sin6_flowinfo and sin6_scope_id members in struct sockaddr_in6 in C. For socket module methods, flowinfo and scopeid can be omitted just for backward compatibility. Note, however, omission of scopeid can cause problems in manipulating scoped IPv6 addresses.
请参阅 ip addr 以显示正确的数字范围 ID,例如对于 ens32 的 scopeid 2,以下应该有效:
sock.connect(('fe80::3a63:bbff:fe31:3013%ens32', 443, 0, 2))
或使用getaddrinfo()获取正确地址:
ainfo = socket.getaddrinfo('fe80::3a63:bbff:fe31:3013%ens32', 443, socket.AF_INET6, socket.SOCK_STREAM)
address = ainfo[0][4]
我需要使用 pyopenssl 连接到 ipv6 服务器。这可能吗?对于 ipv4,我没有任何 problem.This 是我为 ipv6 尝试过的:
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.set_verify(SSL.VERIFY_NONE, verify_cb)
ctx.use_privatekey_file (os.path.join(dir, 'client.pkey'))
ctx.use_certificate_file(os.path.join(dir, 'client.cert'))
ctx.load_verify_locations(os.path.join(dir, 'CA.cert'))
#Set up client
sock = SSL.Connection(ctx, socket.socket(socket.AF_INET6, socket.SOCK_STREAM))
sock.connect(('fe80::3a63:bbff:fe31:3013%ens32',443,0,0))
但我收到以下错误:
sock.connect(('fe80::3a63:bbff:fe31:3013%ens32',443,0,0))
File "/root/Desktop/PY/ilodos2/venv/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1455, in connect
return self._socket.connect(addr)
File "/usr/lib64/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
error: [Errno 22] Invalid argument
pyopenssl 的文档根本没有谈到 ipv6。如果 pyopenssl 不能用于 ipv6,是否有任何其他模块可以用来进行 ssl 重新协商?
问题本身与 PyOpenSSL 无关,当您使用范围(link 本地)ipv6 地址时,您需要传递正确的 scopeid as the fourth item of the address tuple:
...
For AF_INET6 address family, a four-tuple (host, port, flowinfo, scopeid) is used, where flowinfo and scopeid represent the sin6_flowinfo and sin6_scope_id members in struct sockaddr_in6 in C. For socket module methods, flowinfo and scopeid can be omitted just for backward compatibility. Note, however, omission of scopeid can cause problems in manipulating scoped IPv6 addresses.
请参阅 ip addr 以显示正确的数字范围 ID,例如对于 ens32 的 scopeid 2,以下应该有效:
sock.connect(('fe80::3a63:bbff:fe31:3013%ens32', 443, 0, 2))
或使用getaddrinfo()获取正确地址:
ainfo = socket.getaddrinfo('fe80::3a63:bbff:fe31:3013%ens32', 443, socket.AF_INET6, socket.SOCK_STREAM)
address = ainfo[0][4]