```python
#!/usr/bin/env python3
# python3 update of https://gist.github.com/dergachev/7028596
# Create a basic certificate using openssl:
#   openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html
import http.server
import ssl

httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler)
# ssl.wrap_socket() was removed in Python 3.12; wrap the listener with an SSLContext instead.
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
# server.pem holds both the certificate and its unencrypted private key (-nodes above).
ctx.load_cert_chain(certfile='./server.pem')
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()
```
If server.crt and server.key are separate, use this to load them:
ctx.load_cert_chain(certfile='server.crt', keyfile='server.key')

Can somebody help me? I have code like this:
import http.server
import ssl
httpd = http.server.HTTPServer(('localhost', 8000), http.server.SimpleHTTPRequestHandler)
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ctx.load_cert_chain(certfile='./server.pem')
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()
and I have an error such as:
PS C:\Users\PC\Desktop\Links-page-main> & C:/Users/PC/AppData/Local/Microsoft/WindowsApps/python3.13.exe c:/Users/PC/Desktop/Links-page-main/server.py
Traceback (most recent call last):
  File "c:\Users\PC\Desktop\Links-page-main\server.py", line 7, in <module>
    ctx.load_cert_chain(certfile='./server.pem')
    ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
ssl.SSLError: [SSL] PEM lib (_ssl.c:4097)
python 3.13.1
@BagroSlave Does ./server.pem exist, and is it in the right format? Looks like a problem with reading that file
Yeah, I have one in the same directory as the script, which was created with openssl.
@BagroSlave Do all of these work? These will read the CA in PEM form, read the private key in PEM form and verify the certificate against itself as a CA. If any fail then there is a problem with the file.
openssl x509 -in ./server.pem -text -noout -inform PEM
openssl rsa -in server.pem -text -noout -inform PEM
openssl verify -verbose -CAfile ./server.pem ./server.pem
Yeah, it gives me something like this:
C:\links>openssl x509 -in ./server.pem -text -noout -inform PEM
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:ba:f8:4c:f7:ab:f3:6e:8a:e6:93:ed:1f:0a:fb:5b:08:54:50:9a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=UA, ST=Some-State, O=Internet Widgits Pty Ltd, CN=192.168.0.2
        Validity
            Not Before: Jan 16 14:37:08 2025 GMT
            Not After : Jan 16 14:37:08 2026 GMT
        Subject: C=UA, ST=Some-State, O=Internet Widgits Pty Ltd, CN=192.168.0.2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:99:19:F7:27:BB:90:4F:C4:64:91:91:E1:F6:3C:07:6A:E9:A6:30
            X509v3 Authority Key Identifier:
                17:99:19:F7:27:BB:90:4F:C4:64:91:91:E1:F6:3C:07:6A:E9:A6:30
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
C:\links>openssl rsa -in server.pem -text -noout -inform PEM
Private-Key: (2048 bit, 2 primes)
C:\links>openssl verify -verbose -CAfile ./server.pem ./server.pem
./server.pem: OK
@BagroSlave Could be a Windows thing with parsing the PEM file in the Python ssl library. You might want to try modifying the load_cert_chain line to specify the key file specifically, as discussed here. Maybe also separate the key content into a different file from the cert, make sure the openssl command line can still parse both as with the commands above, and try either Windows or Linux line ending patterns in the PEM file in case that's causing a parsing error in Python ssl. If none of that works I'm out of ideas.
Thanks @lxylxy123456
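
Added example, not part of the gist or of any commenter's reply: a structural check of a combined PEM file along the lines suggested in the last troubleshooting reply (separate the key from the certificate, normalise line endings). `inspect_pem`, `split_pem` and `SAMPLE` are hypothetical names, and the sample bundle is constructed with placeholder base64, not a real key or certificate.

```python
import re

# Matches one PEM block and captures its label (CERTIFICATE, PRIVATE KEY, ...).
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def inspect_pem(data: bytes) -> dict:
    """Report structural properties of a PEM bundle that can affect parsing."""
    labels = [m.group(1).decode() for m in PEM_BLOCK.finditer(data)]
    return {
        "labels": labels,
        "has_cert": "CERTIFICATE" in labels,
        "has_key": any(l.endswith("PRIVATE KEY") for l in labels),
        # Encrypted keys need a password argument to load_cert_chain().
        "encrypted_key": ("ENCRYPTED PRIVATE KEY" in labels
                          or b"Proc-Type: 4,ENCRYPTED" in data),
        # Byte-order marks are added by some editors and shell redirections.
        "utf8_bom": data.startswith(b"\xef\xbb\xbf"),
        "utf16": data[:2] in (b"\xff\xfe", b"\xfe\xff"),
        "crlf": b"\r\n" in data,
    }

def split_pem(data: bytes) -> tuple[bytes, bytes]:
    """Return (certificates, private_key) as separate LF-terminated PEM texts."""
    certs, keys = [], []
    for m in PEM_BLOCK.finditer(data):
        block = m.group(0).replace(b"\r\n", b"\n") + b"\n"
        (keys if m.group(1).endswith(b"PRIVATE KEY") else certs).append(block)
    return b"".join(certs), b"".join(keys)

# Constructed sample: BOM + CRLF line endings, placeholder base64 bodies.
SAMPLE = (b"\xef\xbb\xbf"
          b"-----BEGIN PRIVATE KEY-----\r\nQ09OU1RSVUNURUQ=\r\n"
          b"-----END PRIVATE KEY-----\r\n"
          b"-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n"
          b"-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    print(inspect_pem(SAMPLE))
    cert_pem, key_pem = split_pem(SAMPLE)
    print(cert_pem.decode(), key_pem.decode(), sep="")
```

On a real file, pass `open('server.pem', 'rb').read()` and write the two results to `server.crt` and `server.key` for use with `load_cert_chain(certfile=..., keyfile=...)`.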