Cannot supply SSL client certificate #244

Closed
PeterBinney opened this Issue May 20, 2015 · 1 comment

PeterBinney commented May 20, 2015

I am trying to access websites that require an SSL Client Certificate.

I am running on Windows (XP) using the 7.19.5.1 Windows distribution (pycurl-7.19.5.win32-py2.7.msi or pycurl-7.19.5.win32-py3.4.msi) under either Python 2.7.6 or 3.4.0.

But all the setopt mechanisms for specifying a client certificate are ignored and pycurl always uses the only (or first) client certificate in the Internet Explorer certificate store.

i.e.: any curl.setopt(curl.SSLCERT…) or curl.setopt(curl.SSLKEY…) is ignored.

I have googled for hours and tried all sorts of combinations of these options to no avail.
My tests all connect to the site fine, but always present the wrong certificate (the one from the IE store).

To illustrate the code I am using, on the same PC I can access a site using curl.exe as:

curl -s --insecure --cacert ../rootAndCA.pem --cert ../ResMonitor.crt.pem:PassWord --key ../ResMonitor.key.pem --location --cookie-jar ./cookies.tmp https://wiki-uat.ib.internal

which presents the correct certificate. But, the following does not:

    import pycurl
    import io
    import sys

    def python2():
        return sys.version_info[0] == 2 # 2 or 3

    if python2():
        import cStringIO
        fPointer = cStringIO.StringIO()
    else:
        fPointer = io.BytesIO()

    curl = pycurl.Curl()
    curl.setopt(pycurl.WRITEFUNCTION, fPointer.write)
    curl.setopt(pycurl.SSL_VERIFYPEER, False) # equivalent to curl's --insecure

    curl.setopt(curl.CAINFO, "../rootAndCA.pem")

    curl.setopt(curl.SSLCERT, "../ResMonitor.crt.pem")
    curl.setopt(curl.SSLCERTPASSWD, "PassWord")
    curl.setopt(curl.SSLKEY, "../ResMonitor.key.pem")

    curl.setopt(pycurl.FOLLOWLOCATION, 1) ## cf: --location
    curl.setopt(pycurl.COOKIEFILE, './curly-py.cookies') ## cf: --cookie-jar
    curl.setopt(curl.URL, "https://wiki-uat.ib.internal")
    curl.perform()

    print("Response code: " + str(curl.getinfo(pycurl.RESPONSE_CODE)))

    if python2():
        lastBuf = fPointer.getvalue()
    else:
        lastBuf = fPointer.getvalue().decode('utf-8')
    fPointer.close()
    print("Content: " + lastBuf)

Member

p commented May 20, 2015

Per the mailing list posts, please enable the VERBOSE option and please send the resulting output to the mailing list.

http://curl.haxx.se/mail/curlpython-2015-05/

It is possible that the winssl backend does not support what you are trying to do.

@p p closed this May 20, 2015
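
The diagnostic requested in the reply above, as an added example that is not part of the original thread or of the pycurl project: it reads the TLS backend from the `pycurl.version` banner and collects the VERBOSE output through `DEBUGFUNCTION` so it can be sent to the mailing list. The function names, the list of backend tokens and the sample banner in the comment are assumptions made for this example.

```python
import io

# Tokens libcurl has used in its version banner for the Windows-native TLS backend.
WINDOWS_NATIVE = ("winssl", "schannel")
# Assumed list of other backend tokens, used only to pick the TLS entry out of the banner.
KNOWN_BACKENDS = WINDOWS_NATIVE + ("openssl", "libressl", "boringssl", "gnutls",
                                   "nss", "mbedtls", "wolfssl", "securetransport")

def tls_backend(banner):
    """Return the TLS backend token from a pycurl.version style banner, or None.

    Constructed sample banner: 'PycURL/7.19.5.1 libcurl/7.37.0 WinSSL zlib/1.2.8'
    """
    for token in banner.split():
        if token.split("/", 1)[0].lower() in KNOWN_BACKENDS:
            return token
    return None

def uses_windows_native_tls(banner):
    """True when the banner names the WinSSL/Schannel backend."""
    backend = tls_backend(banner)
    return backend is not None and backend.split("/", 1)[0].lower() in WINDOWS_NATIVE

def verbose_trace(url, cainfo, cert, key, key_password):
    """Make one request with VERBOSE on; return (banner, backend, trace lines)."""
    import pycurl  # imported here so the helpers above work without pycurl installed
    trace = []

    def on_debug(kind, data):
        # Keep libcurl's informational text (connection and TLS handshake notes) only.
        if kind == pycurl.INFOTYPE_TEXT:
            trace.append(data.decode("utf-8", "replace") if isinstance(data, bytes) else data)

    body = io.BytesIO()
    c = pycurl.Curl()
    c.setopt(pycurl.URL, url)
    c.setopt(pycurl.WRITEFUNCTION, body.write)
    c.setopt(pycurl.VERBOSE, 1)
    c.setopt(pycurl.DEBUGFUNCTION, on_debug)
    c.setopt(pycurl.CAINFO, cainfo)          # peer verification stays at its default (on)
    c.setopt(pycurl.SSLCERT, cert)
    c.setopt(pycurl.SSLKEY, key)
    c.setopt(pycurl.SSLCERTPASSWD, key_password)
    try:
        c.perform()
    finally:
        c.close()
    return pycurl.version, tls_backend(pycurl.version), trace
```

If `uses_windows_native_tls(pycurl.version)` is true, include that fact with the trace, since the reply above raises the backend as the possible cause.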