跳转至内容
  • 版块
  • 标签
  • 热门
  • 用户
  • 群组
皮肤
  • 浅色
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • 深色
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • 默认(Flatly)
  • 不使用皮肤
折叠

Odoo 中文社区

  1. 主页
  2. 版块
  3. Odoo 开发与实施交流
  4. About OpenERP server SSL Client authentication Support.

About OpenERP server SSL Client authentication Support.

已定时 已固定 已锁定 已移动 Odoo 开发与实施交流
5 帖子 3 发布者 6.5k 浏览 1 关注中
  • 从旧到新
  • 从新到旧
  • 最多赞同
回复
  • 在新帖中回复
登录后回复
此主题已被删除。只有拥有主题管理权限的用户可以查看。
  • M 离线
    M 离线
    mrshelly
    发表于 最后由 编辑
    #1

    About OpenERP server's SSL Client authentication Support..

    netsvr.py

    <br />.....<br /><br />class SSLSocket(object):<br />&nbsp; &nbsp; def __init__(self, socket):<br />&nbsp; &nbsp; &nbsp; &nbsp; if not hasattr(socket, &#039;sock_shutdown&#039;):<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; from OpenSSL import SSL<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; from OpenSSL import crypto&nbsp; &nbsp; &nbsp;  # add by mrshelly&lt;mrshelly at hotmail.com&gt;<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx = SSL.Context(SSL.SSLv23_METHOD)<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if not tools.config&#91;&#039;SSLVerifyClient&#039;] :<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx.use_privatekey_file(tools.config&#91;&#039;secure_pkey_file&#039;])<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx.use_certificate_file(tools.config&#91;&#039;secure_cert_file&#039;])<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; else:<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; # add by mrshelly&lt;mrshelly at hotmail.com&gt; block<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx.use_privatekey_file(tools.config&#91;&#039;secure_pkey_file&#039;])<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx.use_certificate_file(tools.config&#91;&#039;secure_cert_file&#039;]&#039;)<br /><br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; x509 = crypto.load_certificate(crypto.FILETYPE_PEM, open(tools.config&#91;&#039;secure_ca_cert_file&#039;]).read())&nbsp; &nbsp;  #maybe add &quot;secure_ca_cert_file = Your Ca Cert file path&#039; and &quot;SSLVerifyClient = True&quot; node to your openerp-server.conf file...<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; store = ctx.get_cert_store()<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; store.add_cert(x509)<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, lambda *x:True)<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; # add by mrshelly&lt;mrshelly at hotmail.com&gt; block<br /><br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; self.socket = SSL.Connection(ctx, socket)<br />&nbsp; &nbsp; &nbsp; &nbsp; else:<br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; self.socket = socket<br />....<br />
    



    And set the "secure = True", put your "secure_pkey_file", "secure_cert_file" and "secure_ca_cert_file".  restart the OpenERP server..

    And In your VBA Application to test it:

    <br /><br />Sub PutXML()<br /> <br />txtURL = &quot;https://localhost:8069/xmlrpc/object&quot;<br /> <br />&nbsp; Dim objSvrHTTP As ServerXMLHTTP<br />&nbsp; Dim strT As String<br />&nbsp; Set objSvrHTTP = New ServerXMLHTTP<br />&nbsp; <br />&nbsp; objSvrHTTP.Open &quot;POST&quot;, txtURL, False<br />&nbsp; <br />&nbsp; &#039;objSvrHTTP.setRequestHeader &quot;Accept&quot;, &quot;application/xml&quot;<br />&nbsp; objSvrHTTP.setRequestHeader &quot;Content-Type&quot;, &quot;text/xml&quot;<br />&nbsp; <br />&nbsp; strT = &quot;&lt;?xml version=&#039;&#039;1.0&#039;&#039;?&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;methodCall&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;methodName&gt;execute&lt;/methodName&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;params&gt;&quot;<br />&nbsp; <br />&nbsp; strT = strT &amp; &quot;&lt;param&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;value&gt;&lt;string&gt;test&lt;/string&gt;&lt;/value&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;/param&gt;&quot;<br />&nbsp; <br />&nbsp; strT = strT &amp; &quot;&lt;param&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;value&gt;&lt;int&gt;1&lt;/int&gt;&lt;/value&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;/param&gt;&quot;<br />&nbsp; <br />&nbsp; strT = strT &amp; &quot;&lt;param&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;value&gt;&lt;string&gt;admin&lt;/string&gt;&lt;/value&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;/param&gt;&quot;<br />&nbsp; <br />&nbsp; strT = strT &amp; &quot;&lt;param&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;value&gt;&lt;string&gt;res.users&lt;/string&gt;&lt;/value&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;/param&gt;&quot;<br />&nbsp; <br />&nbsp; strT = strT &amp; &quot;&lt;param&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;value&gt;&lt;string&gt;read&lt;/string&gt;&lt;/value&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;/param&gt;&quot;<br />&nbsp; <br />&nbsp; strT = strT &amp; &quot;&lt;param&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;value&gt;&lt;array&gt;&lt;data&gt;&lt;value&gt;&lt;int&gt;1&lt;/int&gt;&lt;/value&gt;&lt;/data&gt;&lt;/array&gt;&lt;/value&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;/param&gt;&quot;<br />&nbsp; <br />&nbsp; strT = strT &amp; &quot;&lt;/params&gt;&quot;<br />&nbsp; strT = strT &amp; &quot;&lt;/methodCall&gt;&quot;<br />&nbsp; <br />&nbsp; <br />&nbsp; objSvrHTTP.send strT<br />&nbsp; <br />&nbsp; MsgBox objSvrHTTP.responseText<br /> <br />End Sub<br />
    



    Have a good testing....

    By mrshelly <mrshelly at hotmail.com> 2010/12/05

    1 条回复 最后回复
    0
    • JoshuaJ 离线
      JoshuaJ 离线
      Joshua
      管理员
      发表于 最后由 编辑
      #2

      SSL 双向验证,对安全性的大大提升, 谢谢shelly分享.
      P.S英语。。。。

      【上海先安科技】(joshua AT openerp.cn),欢迎关注公众号:openerp_cn

      1 条回复 最后回复
      0
      • O 离线
        O 离线
        oldrev
        发表于 最后由 编辑
        #3

        直接用 apache 的 sslproxy 更方便

        1 条回复 最后回复
        0
        • M 离线
          M 离线
          mrshelly
          发表于 最后由 编辑
          #4

          [quote author=oldrev link=topic=2231.msg7192#msg7192 date=1291696397]
          直接用 apache 的 sslproxy 更方便
          [/quote]

          嗯. 貌似 Gtk Client 不支持 SSL 的客户端验证..

          1 条回复 最后回复
          0

          你好!看起来您对这段对话很感兴趣,但您还没有一个账号。

          厌倦了每次访问都刷到同样的帖子?您注册账号后,您每次返回时都能精准定位到您上次浏览的位置,并可选择接收新回复通知(通过邮件或推送通知)。您还能收藏书签、为帖子顶,向社区成员表达您的欣赏。

          有了你的建议,这篇帖子会更精彩哦 💗

          注册 登录
          回复
          • 在新帖中回复
          登录后回复
          • 从旧到新
          • 从新到旧
          • 最多赞同


          • 登录

          • 没有帐号? 注册

          • 登录或注册以进行搜索。
          • 第一个帖子
            最后一个帖子
          0
          • 版块
          • 标签
          • 热门
          • 用户
          • 群组