You need a secure web server code written in Python. You already have your SSL keys and certificate files ready with you.
You need to install the third-party Python module, pyOpenSSL. This can be grabbed from PyPI (https://pypi.python.org/pypi/pyOpenSSL). Both on Windows and Linux hosts, you may need to install some additional packages, which are documented at http://pythonhosted.org//pyOpenSSL/.
After placing a certificate file on the current working folder, we can create a web server that makes use of this certificate to serve encrypted content to the clients.
Listing 4.10 explains the code for a secure HTTP server as follows:
#!/usr/bin/env python
# Python Network Programming Cookbook -- Chapter - 4
# This program is optimized for Python 2.7.
# It may run on any other version with/without modifications.
# Requires pyOpenSSL and SSL packages installed
import socket, os
from SocketServer import BaseServer
from BaseHTTPServer import HTTPServer
from SimpleHTTPServer import SimpleHTTPRequestHandler
from OpenSSL import SSL
class SecureHTTPServer(HTTPServer):
def __init__(self, server_address, HandlerClass):
BaseServer.__init__(self, server_address, HandlerClass)
ctx = SSL.Context(SSL.SSLv23_METHOD)
fpem = 'server.pem' # location of the server private key and
the server certificate
ctx.use_privatekey_file (fpem)
ctx.use_certificate_file(fpem)
self.socket = SSL.Connection(ctx,
socket.socket(self.address_family, self.socket_type))
self.server_bind()
self.server_activate()
class SecureHTTPRequestHandler(SimpleHTTPRequestHandler):
def setup(self):
self.connection = self.request
self.rfile = socket._fileobject(self.request, "rb",
self.rbufsize)
self.wfile = socket._fileobject(self.request, "wb",
self.wbufsize)
def run_server(HandlerClass = SecureHTTPRequestHandler,
ServerClass = SecureHTTPServer):
server_address = ('', 4443) # port needs to be accessible by
user
server = ServerClass(server_address, HandlerClass)
running_address = server.socket.getsockname()
print "Serving HTTPS Server on %s:%s ..."
%(running_address[0], running_address[1])
server.serve_forever()
if __name__ == '__main__':
run_server()If you run this script, it will result in the following output:
$ python 4_10_https_server.py Serving HTTPS Server on 0.0.0.0:4443 ...
If you notice the previous recipes that create the web server, there is not much difference in terms of the basic procedure. The main difference is in applying the SSL Context() method with the SSLv23_METHOD argument. We have created the SSL socket with the Python OpenSSL third-party module's Connection() class. This class takes this context object along with the address family and socket type.
The server's certificate file is kept in the current directory, and this has been applied with the context object. Finally, the server has been activated with the server_activate() method.