PyMongo使用入门(七)

TLS/SSL和PyMongo

import ssl

import pymongo
from pprint import pprint

from pymongo import ReadPreference
from pymongo.errors import BulkWriteError
from pymongo import MongoClient

#TLS/SSL and PyMongo
client = pymongo.MongoClient('example.com', ssl=True)
#同上
client = pymongo.MongoClient('mongodb://example.com/?ssl=true')

"""证书验证策略"""

"""缺省情况下，PyMongo被配置为从服务器需要一个证书被启用TLS时。
这是可配置的使用ssl_cert_reqs选项。要禁用这一要求传递ssl.CERT_NONE作为关键字参数："""

client = pymongo.MongoClient('example.com',
ssl=True,
ssl_cert_reqs=ssl.CERT_NONE)
#同上
uri = 'mongodb://example.com/?ssl=true&ssl_cert_reqs=CERT_NONE'
client = pymongo.MongoClient(uri)
"""-----------------------------------------------------------------------------"""
"""指定CA文件"""
"""在某些情况下，你可能想PyMongo配置为使用一组特定的CA证书。使用“自签名”服务器证书时，这是最常见的情况。
该ssl_ca_certs选项将到CA文件的路径。它可以作为一个关键字参数传递："""
client = pymongo.MongoClient('example.com',
ssl=True,
ssl_ca_certs='/path/to/ca.pem')
"""同上"""
uri = 'mongodb://example.com/?ssl=true&ssl_ca_certs=/path/to/ca.pem'
client = pymongo.MongoClient(uri)
"""-----------------------------------------------------------------------------"""
"""指定的证书吊销列表"""
client = pymongo.MongoClient('example.com',
ssl=True,
ssl_crlfile='/path/to/crl.pem')

uri = 'mongodb://example.com/?ssl=true&ssl_crlfile=/path/to/crl.pem'
client = pymongo.MongoClient(uri)
"""-----------------------------------------------------------------------------"""
"""客户端证书
PyMongo可以配置为使用ssl_cert_file选项出示客户端证书：
"""
client = pymongo.MongoClient('example.com',
ssl=True,
ssl_certfile='/path/to/client.pem')

"""如果客户端证书的私钥存储在一个单独的文件中使用ssl_keyfile的选项："""
client = pymongo.MongoClient('example.com',
ssl=True,
ssl_certfile='/path/to/client.pem',
ssl_keyfile='/path/to/key.pem')

"""Python的2.7.9+（pypy2.5.1+）和3.3+支持提供密码或口令解密加密私钥。使用ssl_pem_passphrase选项"""
"""client = pymongo.MongoClient('example.com',
ssl=True,
ssl_certfile='/path/to/client.pem',
ssl_keyfile='/path/to/key.pem',
ssl_pem_passphrase=<passphrase>)"""