Python 2.6 SSL module: Fails on key file error, with Errno 336265225, without a key file.

Discussion in 'Python' started by John Nagle, Apr 19, 2010.

  1. John Nagle

    John Nagle Guest

    I'm starting to convert from M2Crypto to Python 2.6's SSL
    module. So I tried a trivial test:

    import ssl
    import socket
    certs = "d:/projects/sitetruth/certificates/cacert.pem"
    sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ssk = ssl.wrap_socket(sk, certfile=certs, cert_reqs=ssl.CERT_NONE)
    ssk.connect(("www.verisign.com",443))

    This is a basic HTTPS open sequence.

    This yields:

    Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "D:\python26\lib\ssl.py", line 307, in connect
    self.ca_certs)
    ssl.SSLError: [Errno 336265225] _ssl.c:337:
    error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

    The cert file is the same PEM file I use with M2Crypto, and it's
    derived from Firefox's cert file.

    Why am I getting a "private key" related error? I'm not submitting a keyfile,
    just a cert file.

    I've tried explicitly adding "keyfile=None" to the wrap_socket call, but
    that doesn't change anything.

    Python version: '2.6.1 (r261:67517, Dec 4 2008, 16:51:00) [MSC v.1500 32 bit
    (Intel)]'

    John Nagle
    John Nagle, Apr 19, 2010
    #1

  2. Re: Python 2.6 SSL module: Fails on key file error, with Errno 336265225, without a key file.

    On Sun, 18 Apr 2010 22:37:30 -0700, John Nagle wrote:
    >
    > The cert file is the same PEM file I use with M2Crypto, and it's derived
    > from Firefox's cert file.
    >
    > Why am I getting a "private key" related error? I'm not submitting a
    > keyfile, just a cert file.


    I'm not an expert but this is what the SSL doc says:

    « The keyfile and certfile parameters specify optional files which
    contain a certificate to be used to identify the local side of the
    connection. »

    From that, I understand that you need to specify both at the same time,
    and that one of them (probably the keyfile) needs to be a private key.
    Otherwise how would the local side identify itself?

    Perhaps you are using the wrong parameters and looking for ca_certs
    instead:

    « The ca_certs file contains a set of concatenated “certification
    authority” certificates, which are used to validate certificates passed
    from the other end of the connection. »
    Antoine Pitrou, Apr 19, 2010
    #2

  3. John Nagle

    John Nagle Guest

    Antoine Pitrou wrote:
    > Perhaps you are using the wrong parameters and looking for ca_certs
    > instead:


    That's right. Thanks.

    John Nagle
    John Nagle, Apr 19, 2010
    #3
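
A pre-flight check for the mix-up resolved in this thread, as an added example that is not code from any of the posts: it reads PEM block labels to tell whether the text passed as certfile, keyfile or ca_certs can serve that role in ssl.wrap_socket(). The function names and the sample PEM text are constructed for illustration.

```python
import re

# Label of each PEM block, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_kinds(pem_text):
    """Count certificate and private-key blocks in PEM text."""
    labels = PEM_BEGIN.findall(pem_text or "")
    return {
        "certs": sum(1 for lab in labels if lab.endswith("CERTIFICATE")),
        "keys": sum(1 for lab in labels if lab.endswith("PRIVATE KEY")),
    }


def preflight(certfile=None, keyfile=None, ca_certs=None):
    """Return a list of problems for the PEM texts given under each
    ssl.wrap_socket() parameter name (None means the parameter is unused)."""
    problems = []
    if certfile is not None:
        if pem_kinds(certfile)["certs"] == 0:
            problems.append("certfile: no certificate found")
        # With keyfile omitted, the ssl module reads the key from certfile.
        key_source = keyfile if keyfile is not None else certfile
        if pem_kinds(key_source)["keys"] == 0:
            problems.append("certfile: no private key available (pass keyfile, "
                            "or use ca_certs if this is a CA bundle)")
    elif keyfile is not None:
        problems.append("keyfile: given without certfile")
    if ca_certs is not None:
        ca = pem_kinds(ca_certs)
        if ca["certs"] == 0:
            problems.append("ca_certs: no certificate found")
        if ca["keys"]:
            problems.append("ca_certs: contains a private key; a trust bundle "
                            "should hold certificates only")
    return problems


# Constructed samples: block bodies are placeholders, not real key material.
CA_BUNDLE = ("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
             "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n")
CLIENT_ID = ("-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----\n"
             "-----BEGIN RSA PRIVATE KEY-----\nDDDD\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(preflight(certfile=CA_BUNDLE))  # the call from the first post
    print(preflight(ca_certs=CA_BUNDLE))  # the corrected parameter
```

The check looks only at block labels, so it cannot tell a CA bundle from a client certificate that is missing its key; both show up as "no private key available".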
