Description:
This recipe describes how to set up a simple HTTP server supporting SSL secure communications. It extends the SimpleHTTPServer standard module to support the SSL protocol. With this recipe, only the server is authenticated while the client remains unauthenticated (i.e. the server will not request a client certificate). Thus, the client (typically the browser) will be able to verify the server identity and secure its communications with the server.
This recipe assumes you already know the basics of SSL and how to set up OpenSSL. If not, consult [1].
This recipe is mostly derived from the examples provided with the pyOpenSSL [2] sources.
In order to apply this recipe, follow these few steps:
1- Install the OpenSSL package [1] in order to generate the key and certificate. Note: you probably already have this package installed if you are on Linux or *BSD.
2- Install the pyOpenSSL package [2], which wraps the OpenSSL library. You'll need to import this module to access OpenSSL's components.
3- Generate a self-signed certificate, consisting of a certificate and a private key, for your server with the following command:
    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
This writes both of them to the same file, named server.pem.
4- Assuming you saved this recipe in SimpleSecureHTTPServer.py, start the server (with the appropriate rights):
    python SimpleSecureHTTPServer.py
5- Finally, open https://localhost with your browser, or https://localhost:port if your server listens on a port other than 443.
[1] http://www.openssl.org
[2] http://pyopenssl.sourceforge.net
'''
SimpleSecureHTTPServer.py - simple HTTP server supporting SSL.
- replace fpem with the location of your .pem server file.
- the default port is 443.
usage: python SimpleSecureHTTPServer.py
'''
import socket
from SocketServer import BaseServer
from BaseHTTPServer import HTTPServer
from SimpleHTTPServer import SimpleHTTPRequestHandler
from OpenSSL import SSL


class SecureHTTPServer(HTTPServer):
    def __init__(self, server_address, HandlerClass):
        # Initialise BaseServer directly: HTTPServer's own constructor
        # would create and bind a plain (non-SSL) socket.
        BaseServer.__init__(self, server_address, HandlerClass)
        # SSLv23_METHOD negotiates the protocol version with the client;
        # switch off the obsolete SSLv2 and SSLv3 versions explicitly.
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
        # server.pem holds both the private key and the certificate.
        fpem = '/path/server.pem'
        ctx.use_privatekey_file(fpem)
        ctx.use_certificate_file(fpem)
        self.socket = SSL.Connection(ctx, socket.socket(self.address_family,
                                                        self.socket_type))
        self.server_bind()
        self.server_activate()

    def shutdown_request(self, request):
        # Python 2.7's SocketServer calls request.shutdown(how), but
        # SSL.Connection.shutdown() takes no argument.
        request.shutdown()


class SecureHTTPRequestHandler(SimpleHTTPRequestHandler):
    def setup(self):
        # SSL.Connection has no makefile(), so build the file objects by hand.
        self.connection = self.request
        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)


def test(HandlerClass=SecureHTTPRequestHandler,
         ServerClass=SecureHTTPServer):
    server_address = ('', 443)  # (address, port)
    httpd = ServerClass(server_address, HandlerClass)
    sa = httpd.socket.getsockname()
    print "Serving HTTPS on", sa[0], "port", sa[1], "..."
    httpd.serve_forever()


if __name__ == '__main__':
    test()
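The recipe above targets Python 2 and pyOpenSSL. The following is an added example, not part of the original recipe, showing the same server-authenticated-only setup on Python 3 with only the standard library's ssl module. It assumes server.pem is the file produced in step 3; the names build_context and make_server are chosen here for illustration.

```python
# Added example (Python 3, standard library only); not the recipe's own code.
import ssl
from http.server import HTTPServer, SimpleHTTPRequestHandler

PEM = "server.pem"  # assumption: the file written by the openssl command in step 3
PORT = 443          # the recipe's default; binding below 1024 needs elevated rights


def build_context(pem_path):
    """Server-side TLS context: the server presents a certificate, the client does not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Refuse SSLv3, TLS 1.0 and TLS 1.1 instead of negotiating down to them.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # No client certificate is requested, as in the recipe.
    ctx.verify_mode = ssl.CERT_NONE
    # server.pem holds the certificate and the unencrypted (-nodes) private key,
    # so one path serves as both certfile and keyfile.
    ctx.load_cert_chain(certfile=pem_path)
    return ctx


def make_server(address, pem_path, handler=SimpleHTTPRequestHandler):
    """Return an HTTPServer whose listening socket speaks TLS."""
    ctx = build_context(pem_path)  # fail before binding if the PEM is unusable
    httpd = HTTPServer(address, handler)
    # Every accepted connection is handshaken with the server certificate.
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    return httpd


if __name__ == "__main__":
    httpd = make_server(("", PORT), PEM)
    host, port = httpd.socket.getsockname()[:2]
    print("Serving HTTPS on", host, "port", port, "...")
    httpd.serve_forever()
```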
Discussion:
Number of comments: 1
Excellent!, Pierre Quentel, 2005/11/03
I've always thought setting up an SSL server was only for the experts in cryptography, so finding this short recipe, very well explained, is a very nice surprise. I've followed your explanations and everything worked, except I had to google around to find a Windows binary for OpenSSL for Python 2.4. I found it here: http://webcleaner.sourceforge.net/pyOpenSSL-0.6.win32-py2.4.exe.
Thank you very much!