问题
I have a SSL server in python to which I defined the following SSLContext:
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations(CACERTFILE)
context.load_cert_chain(CERTFILE,KEYFILE)
CERTFILE and KEYFILE contain a path to the server's certificate and private key. But you always have to provide a path to load_cert_chain().
I don't want to retrieve the private key from a file, but from a PKCS#11 wrapper like PyKCS11 or M2Crypto.
How does the context of the SSL socket has to look like, if I want to load the private key as a session object from PyKCS11 or as a PKey() object from M2Crypto. Can you give me an example?
I don't want to store the private key object from PyKCS/M2Crypto as a PEM-file or something else, because the private key should never leave the HSM.
Thank you
来源:https://stackoverflow.com/questions/38284445/python-provide-ssl-socket-with-private-key-from-pkcs11-wrapper