Error using httplib's HTTPSConnection with PKCS#12 certificate

Discussion in 'Python' started by Rémi, Apr 13, 2010.

  1. Rémi

    Rémi Guest

    I'm trying to use httplib's HTTPSConnection for client validation,
    using a PKCS #12 certificate. I know the certificate is good, as I
    can connect to the server using it in MSIE and Firefox.

    Here's my connect function (the certificate includes the private key).
    I've pared it down to just the basics:

    import httplib

    def connect(self, cert_file, host, usrname, passwd):
        self.cert_file = cert_file
        self.host = host

        # The same file is passed as both key and certificate,
        # since it contains the private key as well.
        self.conn = httplib.HTTPSConnection(host=self.host, port=self.port,
                                            key_file=cert_file, cert_file=cert_file)

        # endheaders() sends the request, which opens the TLS connection.
        self.conn.putrequest('GET', 'pathnet/,DanaInfo=200.222.1.1+')
        self.conn.endheaders()
        retCreateCon = self.conn.getresponse()

        if is_verbose:
            print "Create HTTPS connection, " + retCreateCon.read()

        # ...


    (Note: the request path is correct, as I connect to it in MSIE and
    Firefox. I changed the IP address for the post.)

    When I try to run this using a PKCS#12 certificate (a .pfx file), I
    get back what appears to be an openSSL error. Here is the entire error
    traceback:

    File "Usinghttplib_Test.py", line 175, in <module>
      t.connect(cert_file=opts["-keys"], host=host_name, usrname=opts["-username"], passwd=opts["-password"])
    File "Usinghttplib_Test.py", line 40, in connect
      self.conn.endheaders()
    File "c:\python26\lib\httplib.py", line 904, in endheaders
      self._send_output()
    File "c:\python26\lib\httplib.py", line 776, in _send_output
      self.send(msg)
    File "c:\python26\lib\httplib.py", line 735, in send
      self.connect()
    File "c:\python26\lib\httplib.py", line 1112, in connect
      self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
    File "c:\python26\lib\ssl.py", line 350, in wrap_socket
      suppress_ragged_eofs=suppress_ragged_eofs)
    File "c:\python26\lib\ssl.py", line 113, in __init__
      cert_reqs, ssl_version, ca_certs)
    ssl.SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib


    Notice, the openSSL error notes "PEM lib", which I found odd, since
    I'm not trying to use a PEM certificate.

    For kicks, I converted the PKCS#12 cert to a PEM cert, and ran the
    same code using *that*. In that case, I received no error, I was
    prompted to enter the PEM pass phrase, and the code did attempt to
    reach the server. (I received the response "The service is not
    available. Please try again later.", but I believe that would be
    because the server does not accept the PEM cert. I can't connect in
    Firefox to the server using the PEM cert either.)

    Is httplib's HTTPSConnection supposed to support PKCS#12
    certificates? (That is, pfx files.) If so, why does it look like
    OpenSSL is trying to load it inside the PEM lib? Am I doing this all
    wrong?

    Any advice is welcome.

    Regards,
    Remi.
    Rémi, Apr 13, 2010
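
The traceback above ends in `SSL_CTX_use_PrivateKey_file`, which parses `key_file` as PEM; Python's `ssl` module reads client keys and certificates only in PEM form. The following is an added example, not part of the original post: a standard-library pre-flight check (written for Python 3) that tells a PKCS#12 container apart from PEM before the file reaches `ssl`. The function names and the sample bytes are constructed for illustration.

```python
import re

# PEM armour line, e.g. "-----BEGIN RSA PRIVATE KEY-----"
_PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")


def _der_header(data):
    """Return (tag, offset of the content) for the first ASN.1 TLV, or None."""
    if len(data) < 2:
        return None
    tag, first = data[0], data[1]
    if first < 0x80:                 # short-form length
        return tag, 2
    n = first & 0x7F                 # long form: n length bytes (0 = indefinite, BER)
    if n > 4 or len(data) < 2 + n:
        return None
    return tag, 2 + n


def classify_credential(data):
    """Classify bytes meant for key_file/cert_file: pem, pkcs12, der or unknown."""
    labels = [m.group(1).decode() for m in _PEM_BEGIN.finditer(data)]
    if labels:
        return "pem", labels
    hdr = _der_header(data)
    if hdr and hdr[0] == 0x30:       # outer ASN.1 SEQUENCE
        body = data[hdr[1]:]
        # A PFX (PKCS#12) starts with INTEGER version = 3: bytes 02 01 03
        if body[:3] == b"\x02\x01\x03":
            return "pkcs12", []
        return "der", []
    return "unknown", []


def preflight(data):
    """Return None if the bytes look loadable by ssl, else a reason string."""
    kind, labels = classify_credential(data)
    if kind == "pkcs12":
        return "PKCS#12 container: ssl only reads PEM, convert it first"
    if kind != "pem":
        return "not PEM (%s)" % kind
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        return "PEM without a private key block"
    if "CERTIFICATE" not in labels:
        return "PEM without a certificate block"
    return None

# Constructed sample: the leading bytes of a DER-encoded .pfx file
SAMPLE_PFX_HEAD = bytes.fromhex("3082092a020103")
```

Calling `preflight(open(path, "rb").read())` before building the connection turns the opaque "PEM lib" error into a message that names the container format.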