Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Python (http://www.velocityreviews.com/forums/f43-python.html)
-   -   Python 2.6 SSL module: Fails on key file error, with Errno 336265225,without a key file. (http://www.velocityreviews.com/forums/t720866-python-2-6-ssl-module-fails-on-key-file-error-with-errno-336265225-without-a-key-file.html)

John Nagle 04-19-2010 05:37 AM

Python 2.6 SSL module: Fails on key file error, with Errno 336265225,without a key file.
 
I'm starting to convert from M2Crypto to Python 2.6's SSL
module. So I tried a trivial test:

import ssl
import socket
certs = "d:/projects/sitetruth/certificates/cacert.pem"
sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssk = ssl.wrap_socket(sk, certfile=certs, cert_reqs=ssl.CERT_NONE)
ssk.connect(("www.verisign.com",443))

This is a basic HTTPS open sequence.

This yields:

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "D:\python26\lib\ssl.py", line 307, in connect
self.ca_certs)
ssl.SSLError: [Errno 336265225] _ssl.c:337:
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

The cert file is the same PEM file I use with M2Crypto, and it's
derived from Firefox's cert file.

Why am I getting a "private key" related error? I'm not submitting a keyfile,
just a cert file.

I've tried explicitly adding "keyfile=None" to the wrap_socket call, but
that doesn't change anything.

Python version: '2.6.1 (r261:67517, Dec 4 2008, 16:51:00) [MSC v.1500 32 bit
(Intel)]'

John Nagle

Antoine Pitrou 04-19-2010 10:52 AM

Re: Python 2.6 SSL module: Fails on key file error, with Errno336265225, without a key file.
 
Le Sun, 18 Apr 2010 22:37:30 -0700, John Nagle a Ă©critÂ*:
>
> The cert file is the same PEM file I use with M2Crypto, and it's derived
> from Firefox's cert file.
>
> Why am I getting a "private key" related error? I'm not submitting a
> keyfile, just a cert file.


I'm not an expert but this is what the SSL doc says:

« The keyfile and certfile parameters specify optional files which
contain a certificate to be used to identify the local side of the
connection. »

>From that, I understand that you need to specify both at the same time,

and that one of them (probably the keyfile) needs to be a private key.
Otherwise how would the local side identify itself?

Perhaps you are using the wrong parameters and looking for ca_certs
instead:

« The ca_certs file contains a set of concatenated “certification
authority” certificates, which are used to validate certificates passed
from the other end of the connection. »



John Nagle 04-19-2010 04:35 PM

Re: Python 2.6 SSL module: Fails on key file error, with Errno 336265225,without a key file.
 
Antoine Pitrou wrote:
> Perhaps you are using the wrong parameters and looking for ca_certs
> instead:


That's right. Thanks.

John Nagle


All times are GMT. The time now is 06:37 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.