环境
https.py
import urllib2, httplib, ssl, socket
DEFAULT_HTTP_TIMEOUT = 10
class HTTPSClientAuthHandler(urllib2.HTTPSHandler):
'''
Allows sending a client certificate with the HTTPS connection.
This version also validates the peer (server) certificate since, well...
WTF IS THE POINT OF SSL IF YOU DON"T AUTHENTICATE THE PERSON YOU"RE TALKING TO!??!
'''
def __init__(self, key=None, cert=None, ca_certs=None, ssl_version=None, ciphers=None):
urllib2.HTTPSHandler.__init__(self)
self.key = key
self.cert = cert
self.ca_certs = ca_certs
self.ssl_version = ssl_version
self.ciphers = ciphers
def https_open(self, req):
return self.do_open(self.get_connection, req)
def get_connection(self, host, timeout=DEFAULT_HTTP_TIMEOUT):
return HTTPSConnection( host,
key_file = self.key,
cert_file = self.cert,
timeout = timeout,
ciphers = self.ciphers,
ca_certs = self.ca_certs )
class HTTPSConnection(httplib.HTTPSConnection):
'''
Overridden to allow peer certificate validation, configuration
of SSL/ TLS version and cipher selection. See:
http://hg.python.org/cpython/file/c1c45755397b/Lib/httplib.py#l1144
and `ssl.wrap_socket()`
'''
def __init__(self, host, **kwargs):
self.ciphers = kwargs.pop('ciphers',None)
self.ca_certs = kwargs.pop('ca_certs',None)
self.ssl_version = kwargs.pop('ssl_version', ssl.PROTOCOL_SSLv23)
httplib.HTTPSConnection.__init__(self,host,**kwargs)
def connect(self):
sock = socket.create_connection( (self.host, self.port), self.timeout )
if self._tunnel_host:
self.sock = sock
self._tunnel()
self.sock = ssl.wrap_socket( sock,
keyfile = self.key_file,
certfile = self.cert_file,
ca_certs = self.ca_certs,
cert_reqs = ssl.CERT_REQUIRED if self.ca_certs else ssl.CERT_NONE )
test.py
import urllib2
import urllib
import https
import ssl
import json
client_cert_key = "etcd-client-key.pem"
client_cert_pem = "etcd-client.pem"
ca_certs = "etcd-ca.pem"
handlers = []
handlers.append( https.HTTPSClientAuthHandler(
key = client_cert_key,
cert = client_cert_pem,
ca_certs = ca_certs,
ssl_version = ssl.PROTOCOL_SSLv23,
ciphers = 'TLS_RSA_WITH_AES_256_CBC_SHA' ) )
http = urllib2.build_opener(*handlers)
resp = http.open('https://xxxx:2379/v2/members')
data = resp.read()
req = urllib2.Request(url)
data = urllib.urlencode(data)
resp = http.open(req, data)
request = urllib2.Request(url, data=json_data)
request.add_header('Content-Type', 'application/json')
request.get_method = lambda: 'PUT'
resp = http.open(request)
request = urllib2.Request(url, data=data)
request.get_method = lambda: 'DELETE'
resp = http.open(request)
resp.close()