# Server side: Sample patch to serve_secure_threaded.
# TODO: Verify client cert.
# Disable certificate chaining. Accept only my CA.
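def serve_secure_threaded(options):
    """Run a threaded server whose listening socket is wrapped in TLS.

    The server is built from ``options`` (host, port, authenticator,
    registrar, auto_register, quiet, logfile).  The CA bundle, server
    certificate and server key paths come from
    ``ck.refs.config_root.keystore.rpyc``.

    ``cert_reqs=ssl.CERT_REQUIRED`` together with ``ca_certs`` makes the
    handshake fail unless the client presents a certificate that chains to
    the configured CA.  Nothing here inspects *which* certificate was
    presented, so any certificate issued by that CA is accepted; that is
    what the "verify client cert" TODO still has to cover (for example by
    checking the peer certificate's subject in the authenticator).

    Raises:
        IOError: if any of the three credential files is not readable.
    """
    import os
    import ssl
    import ck

    t = ThreadedServer(SlaveService, hostname=options.host,
                       port=options.port, reuse_addr=True,
                       authenticator=options.authenticator,
                       registrar=options.registrar,
                       auto_register=options.auto_register)
    t.logger.quiet = options.quiet

    logfile = None
    if options.logfile:
        logfile = open(options.logfile, "w")
        t.logger.console = logfile

    try:
        print("Setting up ssl")
        keystore = ck.refs.config_root.keystore.rpyc
        ca_certs = keystore.ca_cert
        certfile = keystore.server_cert
        keyfile = keystore.server_key

        # Fail fast with the offending path.  This used to be an `assert`,
        # which is stripped under `python -O` and would then let a missing
        # file surface later as an opaque SSL error.  It is a convenience
        # check only; the files are opened again by wrap_socket below.
        unreadable = [path for path in (ca_certs, certfile, keyfile)
                      if not os.access(path, os.R_OK)]
        if unreadable:
            raise IOError("unreadable TLS credential file(s): %s"
                          % ", ".join(unreadable))

        # NOTE(review): PROTOCOL_TLSv1 pins the connection to TLS 1.0, which
        # is deprecated.  It is left as-is because the client on this page
        # pins the same version and both ends must be changed together.
        # NOTE(review): with the listener itself wrapped, the TLS handshake
        # presumably runs inside accept(); a peer that stalls the handshake
        # could then hold up other incoming connections -- confirm against
        # the server's accept loop and consider a socket timeout.
        t.listener = ssl.wrap_socket(
            t.listener,
            ssl_version=ssl.PROTOCOL_TLSv1,
            cert_reqs=ssl.CERT_REQUIRED,
            ca_certs=ca_certs,
            certfile=certfile,
            keyfile=keyfile)
        t.start()
    finally:
        # The log file was previously never closed.
        if logfile is not None:
            logfile.close()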
# Alternate / even older code sample. Obsolete?
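# Options object for the older sample; it carries the same fields that
# serve_secure_threaded reads (host, port, registrar, auto_register, quiet,
# logfile) and gets its authenticator assigned below.
o = Bag(host="localhost",
        port=12000,
        registrar=None,
        auto_register=None,
        quiet=False,
        logfile=None)


def A(s):
    """Authenticator: wrap an accepted socket ``s`` in server-side TLS.

    Returns a ``(wrapped_socket, credentials)`` pair with ``credentials``
    set to None.  As listed, the trailing ``None`` sat on its own line after
    ``return ...,`` so the function returned a one-element tuple and the
    ``None`` was dead code; the pair is now returned explicitly.
    """
    # NOTE(review): no cert_reqs/ca_certs are passed, so the client is not
    # asked for a certificate -- this sample encrypts the link but does not
    # authenticate the peer.
    # NOTE(review): certificate and private key share one PEM file under a
    # user's tmp directory; a real deployment should keep the key in a
    # location readable only by the service account.
    # NOTE(review): PROTOCOL_TLSv1 pins TLS 1.0, which is deprecated.
    wrapped = ssl.wrap_socket(
        s,
        server_side=True,
        certfile="/Users/chirayu/tmp/mycert.pem",
        keyfile="/Users/chirayu/tmp/mycert.pem",
        ssl_version=ssl.PROTOCOL_TLSv1)
    return (wrapped, None)


o.authenticator = A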
# Client Side
# TODO: Verify server cert.
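def create_client_connection():
    """Open a TLS-wrapped connection to the configured server.

    The server address and secure port come from
    ``ck.refs.config_root.misc.rpyc``; the CA bundle, client certificate and
    client key come from ``ck.refs.config_root.keystore.rpyc``.  ``ck`` is
    not imported here and must already be in scope.

    ``cert_reqs=ssl.CERT_REQUIRED`` with ``ca_certs`` makes the handshake
    fail unless the server's certificate chains to the configured CA.  The
    certificate is not compared with the address being connected to, so any
    certificate issued by that CA is accepted as the server; that is what
    the "verify server cert" TODO still has to cover.

    Returns:
        An ``rpyc.Connection`` running ``rpyc.SlaveService`` over the
        wrapped stream.
    """
    import rpyc
    import ssl
    import os.path
    import rpyc.core
    import rpyc.utils.factory

    config_root = ck.refs.config_root
    rpyc_config = config_root.misc.rpyc
    keystore = config_root.keystore.rpyc

    s = rpyc.core.SocketStream.connect(
        rpyc_config.server_address, rpyc_config.server_secure_port)
    try:
        # NOTE(review): PROTOCOL_TLSv1 pins TLS 1.0, which is deprecated.
        # It is left as-is because the server on this page pins the same
        # version and both ends must be changed together.
        s.sock = ssl.wrap_socket(
            s.sock,
            ssl_version=ssl.PROTOCOL_TLSv1,
            cert_reqs=ssl.CERT_REQUIRED,
            ca_certs=keystore.ca_cert,
            certfile=keystore.client_cert,
            keyfile=keystore.client_key)
    except Exception:
        # A failed handshake or rejected certificate used to leave the
        # already-connected stream open; close it before re-raising.
        s.close()
        raise
    return rpyc.Connection(rpyc.SlaveService, rpyc.Channel(s))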