Odoo中文社区可以通过以下两个域名访问:shine-it.net , odoo.net.cn
由于系统升迁的原因,本论坛部分较早期的内容存在格式和链接损坏失效的问题,并非本论坛系统本身的缺陷,望谅解
本社区没有维护任何QQ群讨论组,任何与本社区同名的QQ群讨论组的言论与本社区无关!
开发人员可以登录gitter讨论组: http://gitter.im/odoo-china/Talk, 需要github账号
如果您登录系统碰到问题,请在微信公众号留言:
About OpenERP server SSL Client authentication Support.
-
About OpenERP server's SSL Client authentication Support..
netsvr.py<br />.....<br /><br />class SSLSocket(object):<br /> def __init__(self, socket):<br /> if not hasattr(socket, 'sock_shutdown'):<br /> from OpenSSL import SSL<br /> from OpenSSL import crypto # add by mrshelly<mrshelly at hotmail.com><br /> ctx = SSL.Context(SSL.SSLv23_METHOD)<br /> if not tools.config['SSLVerifyClient'] :<br /> ctx.use_privatekey_file(tools.config['secure_pkey_file'])<br /> ctx.use_certificate_file(tools.config['secure_cert_file'])<br /> else:<br /> # add by mrshelly<mrshelly at hotmail.com> block<br /> ctx.use_privatekey_file(tools.config['secure_pkey_file'])<br /> ctx.use_certificate_file(tools.config['secure_cert_file']')<br /><br /> x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(tools.config['secure_ca_cert_file']).read()) #maybe add "secure_ca_cert_file = Your Ca Cert file path' and "SSLVerifyClient = True" node to your openerp-server.conf file...<br /> store = ctx.get_cert_store()<br /> store.add_cert(x509)<br /> ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, lambda *x:True)<br /> # add by mrshelly<mrshelly at hotmail.com> block<br /><br /> self.socket = SSL.Connection(ctx, socket)<br /> else:<br /> self.socket = socket<br />....<br />
And set the "secure = True", put your "secure_pkey_file", "secure_cert_file" and "secure_ca_cert_file". restart the OpenERP server..
And In your VBA Application to test it:<br /><br />Sub PutXML()<br /> <br />txtURL = "https://localhost:8069/xmlrpc/object"<br /> <br /> Dim objSvrHTTP As ServerXMLHTTP<br /> Dim strT As String<br /> Set objSvrHTTP = New ServerXMLHTTP<br /> <br /> objSvrHTTP.Open "POST", txtURL, False<br /> <br /> 'objSvrHTTP.setRequestHeader "Accept", "application/xml"<br /> objSvrHTTP.setRequestHeader "Content-Type", "text/xml"<br /> <br /> strT = "<?xml version=''1.0''?>"<br /> strT = strT & "<methodCall>"<br /> strT = strT & "<methodName>execute</methodName>"<br /> strT = strT & "<params>"<br /> <br /> strT = strT & "<param>"<br /> strT = strT & "<value><string>test</string></value>"<br /> strT = strT & "</param>"<br /> <br /> strT = strT & "<param>"<br /> strT = strT & "<value><int>1</int></value>"<br /> strT = strT & "</param>"<br /> <br /> strT = strT & "<param>"<br /> strT = strT & "<value><string>admin</string></value>"<br /> strT = strT & "</param>"<br /> <br /> strT = strT & "<param>"<br /> strT = strT & "<value><string>res.users</string></value>"<br /> strT = strT & "</param>"<br /> <br /> strT = strT & "<param>"<br /> strT = strT & "<value><string>read</string></value>"<br /> strT = strT & "</param>"<br /> <br /> strT = strT & "<param>"<br /> strT = strT & "<value><array><data><value><int>1</int></value></data></array></value>"<br /> strT = strT & "</param>"<br /> <br /> strT = strT & "</params>"<br /> strT = strT & "</methodCall>"<br /> <br /> <br /> objSvrHTTP.send strT<br /> <br /> MsgBox objSvrHTTP.responseText<br /> <br />End Sub<br />
Have a good testing....
By mrshelly <mrshelly at hotmail.com> 2010/12/05 -
SSL 双向验证,对安全性的大大提升, 谢谢shelly分享.
P.S英语。。。。 -
直接用 apache 的 sslproxy 更方便
-
[quote author=oldrev link=topic=2231.msg7192#msg7192 date=1291696397]
直接用 apache 的 sslproxy 更方便
[/quote]
嗯. 貌似 Gtk Client 不支持 SSL 的客户端验证..
