-
Notifications
You must be signed in to change notification settings - Fork 350
Setting up an https server with SimpleHTTPServer and ssl.wrap_socket (): X509 certificate is not read #1295
Comments
Okay, I got past this issue. The problem is that IronPython understands exactly one format for certificates (PEM-encoded x509) and one for private keys (DER-encoded PKCS#1) - refert to https://github.com/IronLanguages/main/blob/ipy-2.7-maint/Languages/IronPython/IronPython.Modules/_ssl.cs . To generate these files, do
In Python, do If you supply these formats, they can be read, but you'll get another error: "the credentials supplied to the package were not recognized" This seems to be due to the fact the the certificate and key need to be in Windows' certificate store and of course Windows can import neither PEM-encoded x509 keys nor DER-encoded PKCS#1 keys... So I'm IMHO left with these choices:
|
Do you have a proposed solution to the problem? |
Extend ssl.wrap_socket() / ssl.SSLSocket / _ssl.wrap_socket() such that certificates and keys from the Windows Certificate Store can be used. This seems to required anyways further down the road. |
I have code to load the certs from the windows store now. I need to retest this scenario still. |
This issue was moved to IronLanguages/ironpython2#100 |
I tried setting up an https server as described here: http://www.piware.de/2011/01/creating-an-https-server-in-python/comment-page-1/#comment-507199
The problem: Upon receiving a request, the server throws an error: "The server mode SSL must use a certificate with the associated private key." According to google/stackoverflow, this problem is solved by using class X509Certificate2 instead of X509Certificate.
http://stackoverflow.com/questions/23044914/c-sharp-ssl-server-mode-must-use-a-certificate-with-the-corresponding-private-ke
http://stackoverflow.com/questions/14214396/how-to-create-a-certificate-to-use-with-sslstream-authenticateasserver-without-i
I tried key and certificate in the same and in different files:
And corresponding variants of the wrap_socket() call:
The text was updated successfully, but these errors were encountered: