Problem with getpeercert in the ssl module when retrieving client side certs #52901
I originally had this problem when writing my IRCd, but then tested it in a basic script. The problem is that getpeercert() is always returning None when executed on the server side, even when the client is using an ssl cert. I have included an example in the attachment. Just run sslserver.py in one terminal window, and then run sslclient.py in the other. I also included the two fresh ssl certs and keys I used. In client.txt and server.txt I put the commands I used to generate the ssl certs and keys.
You must use either ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED if you want to retrieve the client certificate. I admit this makes the getpeercert() API a bit strange, and I'm not sure why the original decision was made. Can you confirm this fixes your issue?
When I use the argument to make certs optional, it gave me an error saying it needs the ca certs, so I downloaded them and specified to use them, and now I am getting errors from ssl.c.

Here's the error on the server side:

westly@westly-desktop ~/Desktop/ssltest $ python sslserver.py
Traceback (most recent call last):
  File "sslserver.py", line 8, in <module>
    conn, addr, = a.accept()
  File "/usr/lib/python2.6/ssl.py", line 326, in accept
    suppress_ragged_eofs=self.suppress_ragged_eofs),
  File "/usr/lib/python2.6/ssl.py", line 118, in __init__
    self.do_handshake()
  File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake
    self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:480: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Here's the error on the client side:

westly@westly-desktop ~/Desktop/ssltest $ python sslclient.py
Traceback (most recent call last):
  File "sslclient.py", line 4, in <module>
    a.connect(("127.0.0.1", 112233))
  File "/usr/lib/python2.6/ssl.py", line 309, in connect
    self.do_handshake()
  File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

I got the ca certs from http://www.positivessl.com/ssl-certificate-support/cert_installation/UTN-USERFirst-Hardware.crt which is from a link in the ssl module docs. I have attached the modified scripts.
You have to specify the CA cert corresponding to the Certificate However, in this case, you have self-signed the certificate; so the only
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
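The behaviour discussed in this thread, as an added example that is not code from the issue or from CPython: the server's getpeercert() returns None unless the server requests a client certificate with ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED, and a self-signed client certificate only validates when the server loads that same certificate as its trust anchor. It uses the current SSLContext API instead of the Python 2.6 calls in the tracebacks, assumes the openssl CLI is on PATH, and the helper names make_self_signed and server_view are hypothetical.

```python
import os, ssl, subprocess, tempfile

def make_self_signed(directory, name):
    """Throwaway self-signed cert and key via the openssl CLI (assumed on PATH)."""
    crt, key = (os.path.join(directory, name + ext) for ext in (".crt", ".key"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", "/CN=" + name, "-keyout", key, "-out", crt],
                   check=True, capture_output=True)
    return crt, key

def server_view(cert_reqs, trust_client_cert):
    """Run a TLS handshake in memory; return the server's getpeercert() result."""
    with tempfile.TemporaryDirectory() as d:
        s_crt, s_key = make_self_signed(d, "server")   # constructed test certs
        c_crt, c_key = make_self_signed(d, "client")
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(s_crt, s_key)
        server_ctx.verify_mode = cert_reqs             # CERT_NONE: cert never requested
        if trust_client_cert:
            # A self-signed client cert is its own issuer, so it is the trust anchor.
            server_ctx.load_verify_locations(c_crt)
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client_ctx.check_hostname = False              # in-memory test has no hostname
        client_ctx.load_verify_locations(s_crt)        # server cert is still verified
        client_ctx.load_cert_chain(c_crt, c_key)
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    for _ in range(10):
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass                                   # needs more bytes from the peer
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            if src.pending:
                dst.write(src.read())                  # shuttle TLS records across
        if not pending:
            return server.getpeercert()
    raise RuntimeError("handshake did not complete")

if __name__ == "__main__":
    print(server_view(ssl.CERT_NONE, False))     # server never asked for a cert
    print(server_view(ssl.CERT_REQUIRED, True))  # validated client cert as a dict
```

With CERT_REQUIRED and no trust anchor loaded, the server's do_handshake() raises ssl.SSLError, which is the failure mode behind the "unknown ca" alert in the client traceback above.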