Tutorial How to modify an http server to work over https

3SidedSquare · 04-05-2013, 02:26 AM

Alright, so I spent 8 hours over the last 2 days ripping out my hair, facial hair, arm hair, leg hair, pubic hair, ect. trying to figure out how the hell to make a socket work with https. I'm writing this in the hopes that will will save someone a lot of time, pain, and hair.

First, be able to work with http before trying https!

Http
see thread

To work with https, you're going to new a few more things.

Namely, a certificate, and a keyfile. I generated one using this site. (Obviously, the certificate will not be verified by any trusted distributor, so clients will get a warning saying something along the lines of "This site has presented a security certificate that is not signed by a trusted source, do you want to continue?")

Next, there's a handy part of the python library that helps do a lot of behind-the-scenes type stuff

Code:
import ssl

Next, we need to wrap our socket into an SSLSocket

Code:
... Create a regular socket with the name bindsocket ...

    try:

        ss, addr = bindsocket.accept()

        sstream = ssl.wrap_socket(ss,

                    server_side = True,

                    cerfile='./Name_of_certificate_file'

                    keyfile='./Name_of_key_file'

                    ssl_version = ssl.PROTOCOL_v23 #For maximum compatibility

    except:

        print (":-(")

...

Now that our socket is wrapped as an SSLSocket, we can start reading and writing (Remember sockets are bi-directional!). SSLSockets are StreamSockets, which is a problem because http is very un-stream like. To work with https, we need files that we read from, to get the user's request; and a socket to write to, so we can serve the request.

Code:
...

    rfile = sstream.makefile('rb',-1)  #Use buffer of -1 so that it's default buffered, doesn't

                               #slow down as much with large requests.

    wfile = sstream.makefile('wb', 0)#Use unbuffered file, because sometimes we don't even

                               #need to do anything, and buffer on writefiles can be slow

    wfile.write(b'HTTP/1.0 200 OK\r\n\r\n <html><h1>Hello, world!</h1></html>')

    data = rfile.readline(65537)       #Some browsers try multiple standards for https.

                                                  #This next part prints the request,

                                                  #as long as it's an HTTP request

    if(data != b''):                  #The end data is not blank (happens 2/3 times with chrome)

        moredata = b''          #To store all the data we want to print

        last = b''                  #To figure out when we've hit the end, and it's time to quit

        x = 1

        while(last.find(b'q=') == -1) #We haven't hit the end of the request

            thisdata = rfile.readline(x) #read in some data

            moredata += (thisdata) #add it to what we want to print

            last = thisdata      #Make sure last is the last line we read

            x += 1          #And bump up the line we want to read next time

        print(moredata)

...

Now that we've gotten all the data that we want, and have all the data we want to send ready to send, all that's left is to send it!

Code:
...

wfile.flush()                          #Sends any data not already sent

rfile.flush()                          #Flush the rfile for anything stray(wut?)

wfile.close()                  #close the files like the good programmers we are

rfile.close()

sstream.close()                  #And finally close the connection so we can server another one

Charon · 04-05-2013, 01:20 PM

Good tutorial 3SidedSquare, this will definitely help people who want to work with HTTPS.