    About OpenERP server SSL Client authentication Support.

    Odoo 开发与实施交流
    3
    5
    5591
    正在加载更多帖子
    • 从旧到新
    • 从新到旧
    • 最多赞同
    回复
    • 在新帖中回复
    登录后回复
    此主题已被删除。只有拥有主题管理权限的用户可以查看。
    • mrshelly

      About OpenERP server's SSL Client authentication Support..

      netsvr.py

      # .....

      class SSLSocket(object):
          def __init__(self, socket):
              if not hasattr(socket, 'sock_shutdown'):
                  from OpenSSL import SSL
                  from OpenSSL import crypto      # add by mrshelly<mrshelly at hotmail.com>
                  ctx = SSL.Context(SSL.SSLv23_METHOD)
                  if not tools.config['SSLVerifyClient']:
                      ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                      ctx.use_certificate_file(tools.config['secure_cert_file'])
                  else:
                      # add by mrshelly<mrshelly at hotmail.com> block
                      ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                      ctx.use_certificate_file(tools.config['secure_cert_file'])

                      # maybe add "secure_ca_cert_file = Your Ca Cert file path" and "SSLVerifyClient = True" node to your openerp-server.conf file...
                      x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(tools.config['secure_ca_cert_file']).read())
                      store = ctx.get_cert_store()
                      store.add_cert(x509)
                      # The callback must return OpenSSL's own verdict (ok); returning True
                      # unconditionally would accept any client certificate.
                      ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
                                     lambda conn, cert, errnum, depth, ok: bool(ok))
                      # add by mrshelly<mrshelly at hotmail.com> block

                  self.socket = SSL.Connection(ctx, socket)
              else:
                  self.socket = socket
      # ....



      Then set "secure = True", fill in your "secure_pkey_file", "secure_cert_file" and "secure_ca_cert_file", and restart the OpenERP server.

      And in your VBA application, to test it:

      Sub PutXML()

        ' Requires a project reference to Microsoft XML (MSXML) for ServerXMLHTTP.
        ' No certificate is selected with setOption here, so when the server asks for
        ' a client certificate ServerXMLHTTP sends the first one in the local store.
        Dim txtURL As String
        txtURL = "https://localhost:8069/xmlrpc/object"

        Dim objSvrHTTP As ServerXMLHTTP
        Dim strT As String
        Set objSvrHTTP = New ServerXMLHTTP

        objSvrHTTP.Open "POST", txtURL, False

        'objSvrHTTP.setRequestHeader "Accept", "application/xml"
        objSvrHTTP.setRequestHeader "Content-Type", "text/xml"

        ' Build the XML-RPC call: execute(db, uid, password, model, method, ids)
        strT = "<?xml version='1.0'?>"
        strT = strT & "<methodCall>"
        strT = strT & "<methodName>execute</methodName>"
        strT = strT & "<params>"

        strT = strT & "<param>"
        strT = strT & "<value><string>test</string></value>"
        strT = strT & "</param>"

        strT = strT & "<param>"
        strT = strT & "<value><int>1</int></value>"
        strT = strT & "</param>"

        strT = strT & "<param>"
        strT = strT & "<value><string>admin</string></value>"
        strT = strT & "</param>"

        strT = strT & "<param>"
        strT = strT & "<value><string>res.users</string></value>"
        strT = strT & "</param>"

        strT = strT & "<param>"
        strT = strT & "<value><string>read</string></value>"
        strT = strT & "</param>"

        strT = strT & "<param>"
        strT = strT & "<value><array><data><value><int>1</int></value></data></array></value>"
        strT = strT & "</param>"

        strT = strT & "</params>"
        strT = strT & "</methodCall>"

        objSvrHTTP.send strT

        MsgBox objSvrHTTP.responseText

      End Sub



      Have a good testing....

      By mrshelly <mrshelly at hotmail.com> 2010/12/05

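pyOpenSSL hands OpenSSL's own verdict to the `set_verify` callback as its last argument, and whatever the callback returns decides the handshake, so a callback that always returns True accepts certificates that failed the CA check. The following is an added example, not code from the original post or from OpenERP: it replays constructed callback calls against a permissive and a strict callback, and goes one step beyond the post by also allowlisting the leaf certificate's CN. `FakeCert`, `make_strict_callback`, `handshake_accepts` and the CN values are hypothetical names for illustration.

```python
from collections import namedtuple

# OpenSSL verification error codes (x509_vfy.h)
X509_V_OK = 0
X509_V_ERR_CERT_HAS_EXPIRED = 10
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18

Name = namedtuple("Name", "commonName")

class FakeCert(object):
    """Constructed stand-in for OpenSSL.crypto.X509 (only get_subject())."""
    def __init__(self, cn):
        self._cn = cn
    def get_subject(self):
        return Name(self._cn)

def accept_all(*args):
    """Permissive callback: discards OpenSSL's verdict."""
    return True

def make_strict_callback(allowed_cns, log):
    """Hypothetical helper: keep OpenSSL's verdict, then allowlist the leaf CN."""
    def callback(conn, cert, errnum, depth, ok):
        cn = cert.get_subject().commonName
        if not ok:
            log.append("reject %s: depth=%d errnum=%d" % (cn, depth, errnum))
            return False
        if depth == 0 and cn not in allowed_cns:
            log.append("reject %s: CN not allowlisted" % cn)
            return False
        return True
    return callback

def handshake_accepts(callback, events):
    """Simplified model: the handshake fails at the first False return."""
    return all(callback(None, cert, err, depth, ok) for cert, err, depth, ok in events)

# Constructed (cert, errnum, depth, ok) sequences, CA first, leaf last.
CA = FakeCert("Example CA")
SIGNED = [(CA, X509_V_OK, 1, 1), (FakeCert("erp-client-01"), X509_V_OK, 0, 1)]
SELF_SIGNED = [(FakeCert("erp-client-01"), X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, 0, 0)]
EXPIRED = [(CA, X509_V_OK, 1, 1), (FakeCert("erp-client-01"), X509_V_ERR_CERT_HAS_EXPIRED, 0, 0)]
UNLISTED = [(CA, X509_V_OK, 1, 1), (FakeCert("other-host"), X509_V_OK, 0, 1)]

if __name__ == "__main__":
    strict = make_strict_callback({"erp-client-01"}, [])
    for ev in (SIGNED, SELF_SIGNED, EXPIRED, UNLISTED):
        print(handshake_accepts(accept_all, ev), handshake_accepts(strict, ev))
```

The rejection log collected by the strict callback is also what a server operator would want written to the OpenERP log, since it records the subject CN and the OpenSSL error number of every refused client.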
      • Joshua (administrator)

        SSL mutual authentication is a big improvement in security. Thanks for sharing, shelly.
        P.S. The English....

        【上海先安科技】 (joshua AT openerp.cn). Follow our official account: openerp_cn

        • oldrev

          Using Apache's sslproxy directly is more convenient.

          • mrshelly

            [quote author=oldrev link=topic=2231.msg7192#msg7192 date=1291696397]
            Using Apache's sslproxy directly is more convenient.
            [/quote]

            Hmm. It seems the Gtk Client does not support SSL client authentication..
