SSL client certificates fail #567

Open
plockaby opened this issue May 14, 2019 · 2 comments

@plockaby

commented May 14, 2019

I'm not sure if this worked in previous versions and just broke or if it has always been broken, but here it goes. Using Python 3.6.8 and Eventlet 0.24.1. This code works without eventlet and successfully connects to a remote host using a client certificate:

import socket
import ssl

ctx = ssl.SSLContext()
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.check_hostname = True
ctx.load_verify_locations("/usr/local/ssl/certs/ca.pem")
ctx.load_cert_chain("/usr/local/ssl/certs/near.example.com.pem")

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
    with ctx.wrap_socket(sock, server_hostname="far.example.com") as ssock:
        ssock.connect(("far.example.com", 3278))
        ssock.sendall(bytes("hello", "utf-8"))

But if this is prefixed then it no longer works:

import eventlet
eventlet.monkey_patch()

import socket
import ssl
...

I get this exception:

Traceback (most recent call last):
  File "<stdin>", line 3, in <module>
  File "/home/plockaby/venv/lib/python3.6/site-packages/eventlet/green/ssl.py", line 329, in connect
    self.do_handshake()
  File "/home/plockaby/venv/lib/python3.6/site-packages/eventlet/green/ssl.py", line 260, in do_handshake
    super(GreenSSLSocket, self).do_handshake)
  File "/home/plockaby/venv/lib/python3.6/site-packages/eventlet/green/ssl.py", line 109, in _call_trampolining
    return func(*a, **kw)
  File "/usr/local/python-3.6.8/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/local/python-3.6.8/lib/python3.6/ssl.py", line 692, in do_handshake
    raise ValueError("check_hostname needs server_hostname "
ValueError: check_hostname needs server_hostname argument

Any insight would be helpful.

@mutesplash

commented May 22, 2019

sslobj = context._wrap_socket(self, server_side)

Changing this to:

sslobj = context._wrap_socket(self, server_side, server_hostname = self.server_hostname)

Seems to fix the problem using the example

@plockaby

commented Jun 6, 2019

The fix given by @mutesplash does indeed fix my problem so I've given you a pull request to implement it.
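
An added example, not part of the thread and not eventlet's code: a regression probe for the bug class discussed above, where a wrapper layer drops `server_hostname` on its way to the `ssl` module. It uses only the standard library and an unconnected socket, and shows that the stack fails closed with `ValueError` rather than skipping hostname verification; `buggy_wrap`, `fixed_wrap`, `hostname_check_armed` and `probe` are hypothetical names, and `buggy_wrap` is a constructed stand-in for the pre-fix call.

```python
import socket
import ssl


def buggy_wrap(ctx, sock, host):
    # Constructed stand-in for the pre-fix call: host is never forwarded.
    return ctx.wrap_socket(sock)


def fixed_wrap(ctx, sock, host):
    # Mirrors the one-line fix: pass the hostname through to the ssl layer.
    return ctx.wrap_socket(sock, server_hostname=host)


def hostname_check_armed(ssock, host):
    """True only if this socket will verify the peer certificate against host."""
    ctx = ssock.context
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ssock.server_hostname == host)


def probe(wrap, host="far.example.com"):
    """Wrap an unconnected socket (no network traffic) and report the outcome."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        try:
            ssock = wrap(ctx, sock, host)
        except ValueError as exc:
            return "refused: %s" % exc  # fail closed: nothing was sent
        try:
            return "armed" if hostname_check_armed(ssock, host) else "NOT ARMED"
        finally:
            ssock.close()
    finally:
        sock.close()


if __name__ == "__main__":
    for wrap in (buggy_wrap, fixed_wrap):
        print(wrap.__name__, "->", probe(wrap))
```

A "NOT ARMED" result from any wrapper is the outcome to treat as a release blocker, since it means a TLS client socket exists without hostname verification bound to it.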
