I need to create Client/Server application to send files from clients to Server.
I use simple ssl sockets for that and authenticate with certificates.
ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(ms,
keyfile=".../newCA/my_client.key",
certfile=".../newCA/my_client.crt",
server_side=0,
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=".../newCA/CA/my-ca.crt"
)
ssl_sock.connect((HOST, MPORT))
And Server side:
msock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.ssl_sock = ssl.wrap_socket(msock,
keyfile=".../newCA/my_server.key",
certfile=".../newCA/my_server.crt",
server_side=1,
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=".../newCA/CA/my-ca.crt"
)
self.ssl_sock.bind(('', self.PORT))
self.ssl_sock.listen(self.QUEUE_MAX)
The problem is the following: when client tries to connect to Server, it requires Enter the pass phrase for private key for Both: for Server-side and Client-side.
- In Java we need to set System Property: javax.net.ssl.keyStorePassword=”” and it has to be used automatically, But how is it been used in Python? I can’t enter pass phrase all time the client connects.
The problem is that my Application:Client should use already signed certificate, and Server should use already signed certificate too. I can’t change it. Both Serever and Clients are long-living applications, so we just run it and we no need to look for them. But, as I understand, Python doesn’t provide statndard way to automatically enter pass phrase for private key. May be other suggestions?
A pass phrase is meant to be entered by a human as means of identification. If you want to hardcode it, a SSL key without passphrase provides the same level of security.
For getting rid of the pass phrase, see also: https://web.archive.org/web/20090116084124/http://www.aleph-null.tv/article/20080714-1337-917.xml/Apache,-SSL,-and-"%3BGetting-Rid-of-the-Passphrase"%3B