About OpenERP server SSL Client authentication Support.



  • About OpenERP server's SSL Client authentication Support..

    netsvr.py

        .....

        class SSLSocket(object):
            def __init__(self, socket):
                if not hasattr(socket, 'sock_shutdown'):
                    from OpenSSL import SSL
                    from OpenSSL import crypto      # add by mrshelly<mrshelly at hotmail.com>
                    ctx = SSL.Context(SSL.SSLv23_METHOD)
                    if not tools.config['SSLVerifyClient']:
                        ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                        ctx.use_certificate_file(tools.config['secure_cert_file'])
                    else:
                        # add by mrshelly<mrshelly at hotmail.com> block
                        ctx.use_privatekey_file(tools.config['secure_pkey_file'])
                        ctx.use_certificate_file(tools.config['secure_cert_file'])

                        # maybe add "secure_ca_cert_file = Your CA cert file path" and "SSLVerifyClient = True" to your openerp-server.conf file...
                        x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(tools.config['secure_ca_cert_file']).read())
                        store = ctx.get_cert_store()
                        store.add_cert(x509)
                        # The callback must return OpenSSL's own verdict (ok); a callback that
                        # always returns True accepts any client certificate, trusted or not.
                        ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
                                       lambda conn, cert, errnum, depth, ok: bool(ok))
                        # add by mrshelly<mrshelly at hotmail.com> block

                    self.socket = SSL.Connection(ctx, socket)
                else:
                    self.socket = socket
        ....
    



    Then set "secure = True", fill in your "secure_pkey_file", "secure_cert_file" and "secure_ca_cert_file", and restart the OpenERP server.

    Then, in your VBA application, test it:

        Sub PutXML()

          ' Needs a project reference to Microsoft XML (MSXML), which provides ServerXMLHTTP
          txtURL = "https://localhost:8069/xmlrpc/object"

          Dim objSvrHTTP As ServerXMLHTTP
          Dim strT As String
          Set objSvrHTTP = New ServerXMLHTTP

          objSvrHTTP.Open "POST", txtURL, False

          'objSvrHTTP.setRequestHeader "Accept", "application/xml"
          objSvrHTTP.setRequestHeader "Content-Type", "text/xml"

          ' XML-RPC "execute" call: database, uid, password, model, method, ids
          strT = "<?xml version='1.0'?>"
          strT = strT & "<methodCall>"
          strT = strT & "<methodName>execute</methodName>"
          strT = strT & "<params>"

          strT = strT & "<param>"
          strT = strT & "<value><string>test</string></value>"
          strT = strT & "</param>"

          strT = strT & "<param>"
          strT = strT & "<value><int>1</int></value>"
          strT = strT & "</param>"

          strT = strT & "<param>"
          strT = strT & "<value><string>admin</string></value>"
          strT = strT & "</param>"

          strT = strT & "<param>"
          strT = strT & "<value><string>res.users</string></value>"
          strT = strT & "</param>"

          strT = strT & "<param>"
          strT = strT & "<value><string>read</string></value>"
          strT = strT & "</param>"

          strT = strT & "<param>"
          strT = strT & "<value><array><data><value><int>1</int></value></data></array></value>"
          strT = strT & "</param>"

          strT = strT & "</params>"
          strT = strT & "</methodCall>"

          objSvrHTTP.send strT

          MsgBox objSvrHTTP.responseText

        End Sub
    



    Have a good testing....

    By mrshelly <mrshelly at hotmail.com> 2010/12/05
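
A way to check what `SSLVerifyClient` is meant to enforce, as an added example that is not part of the original post: a server that requires client certificates must accept a client whose certificate was issued by the configured CA and reject both an untrusted certificate and a missing one. It is Python 3 and uses the standard `ssl` module rather than pyOpenSSL, with the handshake run in memory. Assumptions: the `openssl` command-line tool is installed, and every function, file and certificate name here is constructed for the test.

```python
import ssl, subprocess, tempfile

def make_pki(d):
    """Constructed throwaway PKI: CA, CA-signed server/client certs, self-signed 'rogue'."""
    def openssl(*args):
        subprocess.run(["openssl", *args], cwd=d, check=True, capture_output=True)
    for name in ("ca", "rogue"):       # self-signed certificates
        openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                "-subj", "/CN=" + name, "-keyout", name + ".key", "-out", name + ".crt")
    for name in ("server", "client"):  # CSR, then signed by the CA
        openssl("req", "-newkey", "rsa:2048", "-nodes", "-subj", "/CN=" + name,
                "-keyout", name + ".key", "-out", name + ".csr")
        openssl("x509", "-req", "-in", name + ".csr", "-CA", "ca.crt", "-CAkey", "ca.key",
                "-CAcreateserial", "-days", "1", "-out", name + ".crt")

def context(d, server, cert=None):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server else ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                # harness only: the test targets the server side
    ctx.load_verify_locations(d + "/ca.crt")  # the role secure_ca_cert_file plays in the post
    ctx.verify_mode = ssl.CERT_REQUIRED       # server: absent or unverifiable client cert fails
    if cert:
        ctx.load_cert_chain(d + "/" + cert + ".crt", d + "/" + cert + ".key")
    return ctx

def server_accepts(server_ctx, client_ctx):
    """Handshake over in-memory BIOs; True only if both sides complete it."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    pending = [(client_ctx.wrap_bio(c_in, c_out), c_out, s_in),
               (server_ctx.wrap_bio(s_in, s_out, server_side=True), s_out, c_in)]
    for _ in range(20):
        for side, out, peer_in in list(pending):
            try:
                side.do_handshake()
                pending.remove((side, out, peer_in))
            except ssl.SSLWantReadError:
                pass                          # waiting for bytes from the peer
            except ssl.SSLError:
                return False                  # certificate verification failed
            peer_in.write(out.read())
        if not pending:
            return True
    return False

def demo():
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        srv = context(d, server=True, cert="server")
        return {c: server_accepts(srv, context(d, False, c)) for c in ("client", "rogue", None)}
```

`demo()` returns, per client, whether the server completed the handshake; only the CA-signed `client` entry should be `True`.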


  • Administrator

    Mutual SSL authentication is a big improvement in security. Thanks to shelly for sharing.
    P.S. The English....



  • Using Apache's sslproxy directly is more convenient



  • [quote author=oldrev link=topic=2231.msg7192#msg7192 date=1291696397]
    Using Apache's sslproxy directly is more convenient
    [/quote]

    Hmm. It seems the Gtk Client does not support SSL client authentication..