socket.ssl with key files?

Chris Curvey

I need to use socket.ssl() to open a connection using key files. I
have been provided with a text file called cert_key_pem.txt containing
my keys that looks like this:

-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDKwLuk/UpICOnZvH3mf9rFQvCkDPA8XQZLpa80Z0liMVYu4GQT
<snip>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICkTCCAfqgAwIBAgICNqUwDQYJKoZIhvcNAQEFBQAwgZ8xCzAJBgNVBAYTAlVT
<snip>
-----END CERTIFICATE-----

I see that socket.ssl takes "keyfile" and "certfile" parameters. So do
I just take the text file that I've been given and break it into two
files, then specify those file names when I open the connection? At
the moment, I'm getting

  File "/usr/local/lib/python2.4/httplib.py", line 1070, in connect
    ssl = socket.ssl(sock, self.key_file, self.cert_file)
  File "/usr/local/lib/python2.4/socket.py", line 74, in ssl
    return _realssl(sock, keyfile, certfile)
socket.sslerror: (1, 'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure')

Many thanks for any ideas!

-Chris
 
Martin v. Löwis

Chris said:
I see that socket.ssl takes "keyfile" and "certfile" parameters. So do
I just take the text file that I've been given and break it into two
files, then specify those file names when I open the connection?

This might help, or it might not. If you have a passphrase on the
private key, somehow the passphrase needs to be provided as well,
but I'm unsure how.

This code is mostly untested, so you might have to modify _ssl.c
as well to make it work.

Regards,
Martin
 
Chris Curvey

Thanks for the info.

1) Am I correct that I should just be splitting the files?
2) The passphrase question was in the back of my mind, but I guess I
need to move it to the front. Hopefully someone here will have an
idea. (I wonder if M2Crypto handles that?)

I guess it's better to know that the code is fairly untested, rather
than finding that out on my own.

-Chris
 
Martin v. Löwis

Chris said:
1) Am I correct that I should just be splitting the files?

Nobody knows. Just try it and report whether it works.

Regards,
Martin
 
Chris Curvey

Rats, you beat me to it.

It seems to work if I just give the same, combined file as the argument
to both the key_file and cert_file parameters. (that's not to say that
it doesn't work if I do something else).

In my case, the passphrase is packaged up in the xml payload and sent
over.

Thank you everyone.
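
Added example, not part of the thread and not code from any poster: a sketch of the split discussed above for a combined file like cert_key_pem.txt, which also reports whether the private key is passphrase-protected and writes the key file with owner-only permissions. It uses the current ssl module's SSLContext.load_cert_chain() rather than the Python 2.4 socket.ssl() call from the thread; the function names, the client.key file name and the sample bundle (placeholder bodies, not real key material) are assumptions made for illustration.

```python
import os, re, ssl, tempfile

# Matches one PEM block; group 1 is the label, e.g. "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def split_pem_bundle(text):
    """Return (key_blocks, cert_blocks, key_is_encrypted) for a PEM bundle."""
    keys, certs, encrypted = [], [], False
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        if label.endswith("PRIVATE KEY"):
            keys.append(m.group(0) + "\n")
            # Traditional PEM encryption marks the header; PKCS#8 uses the label.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                encrypted = True
        elif label == "CERTIFICATE":
            certs.append(m.group(0) + "\n")
    return keys, certs, encrypted

def write_private(path, data):
    """Write key material to a file created with mode 0600 (owner only)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def client_context(certfile, keyfile, password=None):
    """Client TLS context presenting the certificate; server verification stays on."""
    ctx = ssl.create_default_context()
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile, password=password)
    return ctx

# Constructed sample: shaped like cert_key_pem.txt, bodies are placeholders.
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

cGxhY2Vob2xkZXI=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
cGxhY2Vob2xkZXI=
-----END CERTIFICATE-----
"""

def demo():
    """Split the constructed sample and store the key; returns counts, flag, file mode."""
    keys, certs, encrypted = split_pem_bundle(SAMPLE)
    keyfile = os.path.join(tempfile.mkdtemp(), "client.key")
    write_private(keyfile, "".join(keys))
    return len(keys), len(certs), encrypted, os.stat(keyfile).st_mode & 0o777
```

client_context() needs a real key and certificate, so demo() does not call it; when the encrypted flag is set, pass the passphrase as password instead of letting OpenSSL prompt on the terminal.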
 
