+- Sinisterly (https://sinister.ly)
+-- Forum: Coding (https://sinister.ly/Forum-Coding)
+--- Forum: Python (https://sinister.ly/Forum-Python)
+--- Thread: Tutorial How to modify an http server to work over https (/Thread-Tutorial-How-to-modify-an-http-server-to-work-over-https)
How to modify an http server to work over https - 3SidedSquare - 04-05-2013
Alright, so I spent 8 hours over the last 2 days ripping out my hair, facial hair, arm hair, leg hair, pubic hair, ect. trying to figure out how the hell to make a socket work with https. I'm writing this in the hopes that will will save someone a lot of time, pain, and hair.
First, be able to work with http before trying https!
Http
see thread
To work with https, you're going to new a few more things.
Namely, a certificate, and a keyfile. I generated one using this site. (Obviously, the certificate will not be verified by any trusted distributor, so clients will get a warning saying something along the lines of "This site has presented a security certificate that is not signed by a trusted source, do you want to continue?")
Next, there's a handy part of the python library that helps do a lot of behind-the-scenes type stuff
Code:
import sslNext, we need to wrap our socket into an SSLSocket
Code:
... Create a regular socket with the name bindsocket ...
try:
ss, addr = bindsocket.accept()
sstream = ssl.wrap_socket(ss,
server_side = True,
cerfile='./Name_of_certificate_file'
keyfile='./Name_of_key_file'
ssl_version = ssl.PROTOCOL_v23 #For maximum compatibility
except:
print (":-(")
...Now that our socket is wrapped as an SSLSocket, we can start reading and writing (Remember sockets are bi-directional!). SSLSockets are StreamSockets, which is a problem because http is very un-stream like. To work with https, we need files that we read from, to get the user's request; and a socket to write to, so we can serve the request.
Code:
...
rfile = sstream.makefile('rb',-1) #Use buffer of -1 so that it's default buffered, doesn't
#slow down as much with large requests.
wfile = sstream.makefile('wb', 0)#Use unbuffered file, because sometimes we don't even
#need to do anything, and buffer on writefiles can be slow
wfile.write(b'HTTP/1.0 200 OK\r\n\r\n <html><h1>Hello, world!</h1></html>')
data = rfile.readline(65537) #Some browsers try multiple standards for https.
#This next part prints the request,
#as long as it's an HTTP request
if(data != b''): #The end data is not blank (happens 2/3 times with chrome)
moredata = b'' #To store all the data we want to print
last = b'' #To figure out when we've hit the end, and it's time to quit
x = 1
while(last.find(b'q=') == -1) #We haven't hit the end of the request
thisdata = rfile.readline(x) #read in some data
moredata += (thisdata) #add it to what we want to print
last = thisdata #Make sure last is the last line we read
x += 1 #And bump up the line we want to read next time
print(moredata)
...Now that we've gotten all the data that we want, and have all the data we want to send ready to send, all that's left is to send it!
Code:
...
wfile.flush() #Sends any data not already sent
rfile.flush() #Flush the rfile for anything stray(wut?)
wfile.close() #close the files like the good programmers we are
rfile.close()
sstream.close() #And finally close the connection so we can server another oneRE: How to modify an http server to work over https - Charon - 04-05-2013
Good tutorial 3SidedSquare, this will definitely help people who want to work with HTTPS.