HTTPSConnection Problems

[John Glista]

Hello. I'm having a bit of a problem with the HTTPSConnection class.
It is part of the httplib module. I discovered that it is not
neccessary to specifiy a key and a certificate when opening an HTTPS
connection. I tested this with several sites, and successfully opened
https connections with them. However, I'm having problems with the
server I'm trying to connect to. It is a Novell Bordermanager server
that tunnels all Internet traffic here at my college. When first
accessing the web through mozilla, the Bordermanager server doesn't
see you as being authenticated, so it redirects you to a web login
page. Utlimately what I would like to do is have my python script
submit the CGI form with my username and password so I don't have to
type this in everytime. However, I'm having problems using the
HTTPSConnection class to connect to it. If I don't give it a key and
cert file i get the following error: socket.error: (104, 'Connection
reset by peer')....so it appears the sever doesn't want me to
connect. I did a port scan on the server to ensure that it was using
the default https port, and it is. What I don't understand is why the
HTTPSConnection is asking for a private key. The private key resides
on the server; clients do not have access to this. Clients use the
public key to decrypt the certificate. I tried creating a public key
file by looking at it in the certificate properties in mozilla, but
python still complians that it wants a private key. I do not have
access to the key. I do have the certificate, which i saved using IE
and used openssl to convert it to a PEM formated file (this is what
HTTPSConnection says it needs). Can anyone offer any help here?

 

[Ng Pheng Siong]

However, I'm having problems with the
server I'm trying to connect to. It is a Novell Bordermanager server
that tunnels all Internet traffic here at my college. When first
accessing the web through mozilla, the Bordermanager server doesn't
see you as being authenticated, so it redirects you to a web login
page.

Ho ho, a clone of the idiotic Cisco cut-thru proxy.

Utlimately what I would like to do is have my python script
submit the CGI form with my username and password so I don't have to
type this in everytime. However, I'm having problems using the
HTTPSConnection class to connect to it. If I don't give it a key and
cert file i get the following error: socket.error: (104, 'Connection
reset by peer')....so it appears the sever doesn't want me to
connect. I did a port scan on the server to ensure that it was using
the default https port, and it is.

Who is the 'peer' here? It may be your Bordermanager proxy.

This is my guess: the Bordermanager sends an "authentication required"
response to your program and httplib is thus asking you for the cert and
key. Read the source, use a desktop proxy, etc. to determine if this is
indeed so.

What I don't understand is why the
HTTPSConnection is asking for a private key. The private key resides
on the server; clients do not have access to this.

You're talking about the server's key and certificate. There are also
*client* keys and certificates: A server may demand a client produces a
certificate and demonstrates possession of the corresponding private key as
a means of authentication and authorisation.

My ZServerSSL, e.g., accepts client certificates in lieu of passwords for
authentication.

 

[John J. Lee]

According to John Glista <[email protected]>: [...]

What I don't understand is why the
HTTPSConnection is asking for a private key. The private key resides
on the server; clients do not have access to this.

You're talking about the server's key and certificate. There are also
*client* keys and certificates: A server may demand a client produces a
certificate and demonstrates possession of the corresponding private key as
a means of authentication and authorisation.

[...]

That's exactly what the key and cert are for in httplib. There is no
support for server auth.

I got this backwards too, until Martin v. Loewis set me straight.


John