Odoo中文社区可以通过以下三个域名访问:shine-it.net , odoocn.org,odoo.net.cn

原论坛用户的基本信息和发帖这里都予以保留,请注意:原论坛用户无需重新注册新用户,但是您的密码需要重置

开发人员可以登录gitter讨论组: http://gitter.im/odoo-china/Talk, 需要github账号

如果您登录系统碰到问题,请在微信公众号留言:

About OpenERP server SSL Client authentication Support.



  • About OpenERP server's SSL Client authentication Support..

    netsvr.py
    [code]
    .....

    class SSLSocket(object):
        def init(self, socket):
            if not hasattr(socket, 'sock_shutdown'):
                from OpenSSL import SSL
                from OpenSSL import crypto      # add by mrshelly<mrshelly at hotmail.com>
                ctx = SSL.Context(SSL.SSLv23_METHOD)
                if not tools.config['SSLVerifyClient'] :
                    ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                    ctx.use_certificate_file(tools.config['secure_cert_file'])
                else:
                    # add by mrshelly<mrshelly at hotmail.com> block
                    ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                    ctx.use_certificate_file(tools.config['secure_cert_file']')

                    x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(tools.config['secure_ca_cert_file']).read())    #maybe add "secure_ca_cert_file = Your Ca Cert file path' and "SSLVerifyClient = True" node to your openerp-server.conf file...
                    store = ctx.get_cert_store()
                    store.add_cert(x509)
                    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, lambda *x:True)
                    # add by mrshelly<mrshelly at hotmail.com> block

                self.socket = SSL.Connection(ctx, socket)
            else:
                self.socket = socket
    ....
    [/code]

    And set the "secure = True", put your "secure_pkey_file", "secure_cert_file" and "secure_ca_cert_file".  restart the OpenERP server..

    And In your VBA Application to test it:

    [code]

    Sub PutXML()

    txtURL = "https://localhost:8069/xmlrpc/object"

      Dim objSvrHTTP As ServerXMLHTTP
      Dim strT As String
      Set objSvrHTTP = New ServerXMLHTTP
     
      objSvrHTTP.Open "POST", txtURL, False
     
      'objSvrHTTP.setRequestHeader "Accept", "application/xml"
      objSvrHTTP.setRequestHeader "Content-Type", "text/xml"
     
      strT = "<?xml version=''1.0''?>"
      strT = strT & "<methodCall>"
      strT = strT & "<methodName>execute</methodName>"
      strT = strT & "<params>"
     
      strT = strT & "<param>"
      strT = strT & "<value><string>test</string></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><int>1</int></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><string>admin</string></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><string>res.users</string></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><string>read</string></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><array><data><value><int>1</int></value></data></array></value>"
      strT = strT & "</param>"
     
      strT = strT & "</params>"
      strT = strT & "</methodCall>"
     
     
      objSvrHTTP.send strT
     
      MsgBox objSvrHTTP.responseText

    End Sub
    [/code]

    Have a good testing....

    By mrshelly <mrshelly at hotmail.com> 2010/12/05



  • About OpenERP server's SSL Client authentication Support..

    netsvr.py
    [code]
    .....

    class SSLSocket(object):
        def init(self, socket):
            if not hasattr(socket, 'sock_shutdown'):
                from OpenSSL import SSL
                from OpenSSL import crypto      # add by mrshelly<mrshelly at hotmail.com>
                ctx = SSL.Context(SSL.SSLv23_METHOD)
                if not tools.config['SSLVerifyClient'] :
                    ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                    ctx.use_certificate_file(tools.config['secure_cert_file'])
                else:
                    # add by mrshelly<mrshelly at hotmail.com> block
                    ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                    ctx.use_certificate_file(tools.config['secure_cert_file']')

                    x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(tools.config['secure_ca_cert_file']).read())    #maybe add "secure_ca_cert_file = Your Ca Cert file path' and "SSLVerifyClient = True" node to your openerp-server.conf file...
                    store = ctx.get_cert_store()
                    store.add_cert(x509)
                    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, lambda *x:True)
                    # add by mrshelly<mrshelly at hotmail.com> block

                self.socket = SSL.Connection(ctx, socket)
            else:
                self.socket = socket
    ....
    [/code]

    And set the "secure = True", put your "secure_pkey_file", "secure_cert_file" and "secure_ca_cert_file".  restart the OpenERP server..

    And In your VBA Application to test it:

    [code]

    Sub PutXML()

    txtURL = "https://localhost:8069/xmlrpc/object"

      Dim objSvrHTTP As ServerXMLHTTP
      Dim strT As String
      Set objSvrHTTP = New ServerXMLHTTP
     
      objSvrHTTP.Open "POST", txtURL, False
     
      'objSvrHTTP.setRequestHeader "Accept", "application/xml"
      objSvrHTTP.setRequestHeader "Content-Type", "text/xml"
     
      strT = "<?xml version=''1.0''?>"
      strT = strT & "<methodCall>"
      strT = strT & "<methodName>execute</methodName>"
      strT = strT & "<params>"
     
      strT = strT & "<param>"
      strT = strT & "<value><string>test</string></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><int>1</int></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><string>admin</string></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><string>res.users</string></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><string>read</string></value>"
      strT = strT & "</param>"
     
      strT = strT & "<param>"
      strT = strT & "<value><array><data><value><int>1</int></value></data></array></value>"
      strT = strT & "</param>"
     
      strT = strT & "</params>"
      strT = strT & "</methodCall>"
     
     
      objSvrHTTP.send strT
     
      MsgBox objSvrHTTP.responseText

    End Sub
    [/code]

    Have a good testing....

    By mrshelly <mrshelly at hotmail.com> 2010/12/05


  • 管理员

    SSL 双向验证,对安全性的大大提升, 谢谢shelly分享.
    P.S英语。。。。



  • 直接用 apache 的 sslproxy 更方便



  • [quote author=oldrev link=topic=2231.msg7192#msg7192 date=1291696397]
    直接用 apache 的 sslproxy 更方便
    [/quote]

    嗯. 貌似 Gtk Client 不支持 SSL 的客户端验证..


登录后回复
 

与 Odoo 中文社区 的连接断开,我们正在尝试重连,请耐心等待