Odoo Chinese Community

About OpenERP server SSL Client authentication Support.

  • mrshelly
    #1

    About OpenERP server's SSL Client authentication Support..

    netsvr.py

    ```python
    .....

    class SSLSocket(object):
        def __init__(self, socket):
            if not hasattr(socket, 'sock_shutdown'):
                from OpenSSL import SSL
                from OpenSSL import crypto      # add by mrshelly<mrshelly at hotmail.com>
                ctx = SSL.Context(SSL.SSLv23_METHOD)
                if not tools.config['SSLVerifyClient']:
                    ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                    ctx.use_certificate_file(tools.config['secure_cert_file'])
                else:
                    # add by mrshelly<mrshelly at hotmail.com> block
                    ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                    ctx.use_certificate_file(tools.config['secure_cert_file'])

                    # maybe add "secure_ca_cert_file = Your Ca Cert file path" and
                    # "SSLVerifyClient = True" node to your openerp-server.conf file...
                    x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(tools.config['secure_ca_cert_file']).read())
                    store = ctx.get_cert_store()
                    store.add_cert(x509)
                    # The verify callback must return OpenSSL's own verdict (ok).
                    # A callback that always returns True accepts client certificates
                    # that failed verification against the CA in the store.
                    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
                                   lambda conn, cert, errnum, depth, ok: bool(ok))
                # add by mrshelly<mrshelly at hotmail.com> block

                self.socket = SSL.Connection(ctx, socket)
            else:
                self.socket = socket
    ....
    ```
    



    Then set "secure = True", provide your "secure_pkey_file", "secure_cert_file" and "secure_ca_cert_file", and restart the OpenERP server.

    And in your VBA application, to test it:

    ```vb
    Sub PutXML()

    txtURL = "https://localhost:8069/xmlrpc/object"

      Dim objSvrHTTP As ServerXMLHTTP
      Dim strT As String
      Set objSvrHTTP = New ServerXMLHTTP

      objSvrHTTP.Open "POST", txtURL, False

      'objSvrHTTP.setRequestHeader "Accept", "application/xml"
      objSvrHTTP.setRequestHeader "Content-Type", "text/xml"

      ' Build the XML-RPC request body
      strT = "<?xml version='1.0'?>"
      strT = strT & "<methodCall>"
      strT = strT & "<methodName>execute</methodName>"
      strT = strT & "<params>"

      strT = strT & "<param>"
      strT = strT & "<value><string>test</string></value>"
      strT = strT & "</param>"

      strT = strT & "<param>"
      strT = strT & "<value><int>1</int></value>"
      strT = strT & "</param>"

      strT = strT & "<param>"
      strT = strT & "<value><string>admin</string></value>"
      strT = strT & "</param>"

      strT = strT & "<param>"
      strT = strT & "<value><string>res.users</string></value>"
      strT = strT & "</param>"

      strT = strT & "<param>"
      strT = strT & "<value><string>read</string></value>"
      strT = strT & "</param>"

      strT = strT & "<param>"
      strT = strT & "<value><array><data><value><int>1</int></value></data></array></value>"
      strT = strT & "</param>"

      strT = strT & "</params>"
      strT = strT & "</methodCall>"


      objSvrHTTP.send strT

      MsgBox objSvrHTTP.responseText

    End Sub
    ```
    



    Have a good testing....

    By mrshelly <mrshelly at hotmail.com> 2010/12/05

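Added example, not part of mrshelly's post or the OpenERP code base: the same server-side requirement for a client certificate, written with Python's standard `ssl` module, followed by a check that maps the verified certificate to an allowed client name. The function names, the allowlist and the sample certificate dictionaries are assumptions made for illustration; the three file arguments correspond to the `secure_cert_file`, `secure_pkey_file` and `secure_ca_cert_file` settings from the post.

```python
import ssl

def build_mtls_server_context(require_client_cert=True):
    """Server context; CERT_REQUIRED is the stdlib counterpart of
    VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT in pyOpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    return ctx

def load_material(ctx, cert_file, pkey_file, ca_cert_file):
    """Load the server key pair and the CA that client certificates must chain to."""
    ctx.load_cert_chain(certfile=cert_file, keyfile=pkey_file)
    ctx.load_verify_locations(cafile=ca_cert_file)

def client_common_name(peercert):
    """Extract commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def authorize(peercert, allowed_names):
    """Chain validation proves the CA issued the certificate; this step decides
    whether that particular client may use the XML-RPC service."""
    name = client_common_name(peercert)
    return name is not None and name in allowed_names

# Constructed samples in the format getpeercert() returns after a verified handshake.
SAMPLE_ALLOWED = {"erp-client-01"}
SAMPLE_KNOWN = {"subject": ((("organizationName", "Example Org"),),
                            (("commonName", "erp-client-01"),))}
SAMPLE_OTHER = {"subject": ((("organizationName", "Example Org"),),
                            (("commonName", "unlisted-client"),))}

if __name__ == "__main__":
    ctx = build_mtls_server_context()
    print(ctx.verify_mode)                          # VerifyMode.CERT_REQUIRED
    print(authorize(SAMPLE_KNOWN, SAMPLE_ALLOWED))  # True
    print(authorize(SAMPLE_OTHER, SAMPLE_ALLOWED))  # False
    print(authorize(None, SAMPLE_ALLOWED))          # False: no certificate
```

After `load_material(...)`, `ctx.wrap_socket(sock, server_side=True)` fails the handshake for clients whose certificate is missing or does not chain to the CA; `authorize` is then applied to `getpeercert()` on the accepted connection.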
  • Joshua (Administrator)
    #2

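    SSL mutual (two-way) authentication greatly improves security. Thanks for sharing, shelly.
    P.S. The English....

    【上海先安科技】(joshua AT openerp.cn). Feel free to follow our official account: openerp_cn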

  • oldrev
    #3

    Using Apache's sslproxy directly is more convenient.

  • mrshelly
    #4

    [quote author=oldrev link=topic=2231.msg7192#msg7192 date=1291696397]
    Using Apache's sslproxy directly is more convenient.
    [/quote]

    Hmm. It seems the Gtk Client does not support SSL client authentication..
