R
Rémi
I'm trying to use httplib's HTTPSConnection for client validation,
using a PKCS #12 certificate. I know the certificate is good, as I
can connect to the server using it in MSIE and Firefox.
Here's my connect function (the certificate includes the private key).
I've pared it down to just the basics:
def connect(self, cert_file, host, usrname, passwd):
self.cert_file = cert_file
self.host = host
self.conn = httplib.HTTPSConnection(host=self.host, port=self.port,
key_file=cert_file, cert_file=cert_file)
self.conn.putrequest('GET', 'pathnet/,DanaInfo=200.222.1.1+')
self.conn.endheaders()
retCreateCon = self.conn.getresponse()
if is_verbose:
print "Create HTTPS connection, " + retCreateCon.read()
# ...
(Note: the request path is correct, as I connect to it in MSIE and
Firefox. I changed the IP address for the post.)
When I try to run this using a PKCS#12 certificate (a .pfx file), I
get back what appears to be an openSSL error. Here is the entire error
traceback:
File "Usinghttplib_Test.py", line 175, in <module>
t.connect(cert_file=opts["-keys"], host=host_name, usrname=opts["-
username"], passwd=opts["-password"])
File "Usinghttplib_Test.py", line 40, in connect
self.conn.endheaders()
File "c:\python26\lib\httplib.py", line 904, in endheaders
self._send_output()
File "c:\python26\lib\httplib.py", line 776, in _send_output
self.send(msg)
File "c:\python26\lib\httplib.py", line 735, in send
self.connect()
File "c:\python26\lib\httplib.py", line 1112, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "c:\python26\lib\ssl.py", line 350, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "c:\python26\lib\ssl.py", line 113, in __init__
cert_reqs, ssl_version, ca_certs) ssl.SSLError: [Errno 336265225]
_ssl.c:337: error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file
EM lib
Notice, the openSSL error notes "PEM lib", which I found odd, since
I'm not trying to use a PEM certificate.
For kicks, I converted the PKCS#12 cert to a PEM cert, and ran the
same code using *that*. In that case, I received no error, I was
prompted to enter the PEM pass phrase, and the code did attempt to
reach the server. (I received the response "The service is not
available. Please try again later.", but I believe that would be
because the server does not accept the PEM cert. I can't connect in
Firefox to the server using the PEM cert either.)
Is httplib's HTTPSConnection supposed to support PCKS#12
certificates? (That is, pfx files.) If so, why does it look like
openSSL is trying to load it inside the PEM lib? Am I doing this all
wrong?
Any advice is welcome.
Regards,
Remi.
using a PKCS #12 certificate. I know the certificate is good, as I
can connect to the server using it in MSIE and Firefox.
Here's my connect function (the certificate includes the private key).
I've pared it down to just the basics:
def connect(self, cert_file, host, usrname, passwd):
self.cert_file = cert_file
self.host = host
self.conn = httplib.HTTPSConnection(host=self.host, port=self.port,
key_file=cert_file, cert_file=cert_file)
self.conn.putrequest('GET', 'pathnet/,DanaInfo=200.222.1.1+')
self.conn.endheaders()
retCreateCon = self.conn.getresponse()
if is_verbose:
print "Create HTTPS connection, " + retCreateCon.read()
# ...
(Note: the request path is correct, as I connect to it in MSIE and
Firefox. I changed the IP address for the post.)
When I try to run this using a PKCS#12 certificate (a .pfx file), I
get back what appears to be an openSSL error. Here is the entire error
traceback:
File "Usinghttplib_Test.py", line 175, in <module>
t.connect(cert_file=opts["-keys"], host=host_name, usrname=opts["-
username"], passwd=opts["-password"])
File "Usinghttplib_Test.py", line 40, in connect
self.conn.endheaders()
File "c:\python26\lib\httplib.py", line 904, in endheaders
self._send_output()
File "c:\python26\lib\httplib.py", line 776, in _send_output
self.send(msg)
File "c:\python26\lib\httplib.py", line 735, in send
self.connect()
File "c:\python26\lib\httplib.py", line 1112, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "c:\python26\lib\ssl.py", line 350, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "c:\python26\lib\ssl.py", line 113, in __init__
cert_reqs, ssl_version, ca_certs) ssl.SSLError: [Errno 336265225]
_ssl.c:337: error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file
EM libNotice, the openSSL error notes "PEM lib", which I found odd, since
I'm not trying to use a PEM certificate.
For kicks, I converted the PKCS#12 cert to a PEM cert, and ran the
same code using *that*. In that case, I received no error, I was
prompted to enter the PEM pass phrase, and the code did attempt to
reach the server. (I received the response "The service is not
available. Please try again later.", but I believe that would be
because the server does not accept the PEM cert. I can't connect in
Firefox to the server using the PEM cert either.)
Is httplib's HTTPSConnection supposed to support PCKS#12
certificates? (That is, pfx files.) If so, why does it look like
openSSL is trying to load it inside the PEM lib? Am I doing this all
wrong?
Any advice is welcome.
Regards,
Remi.