ewok

Reputation: 21433

SSL certificate authentication in Python

I have been given the following code that should perform an SSL handshake and certificate authentication:

1   s = socket.socket()
2   print "connecting..."
3   logging.debug("Connecting")
4   # Connect with SSL mutual authentication
5   # We only trust our server's CA, and it only trusts user certificates signed by it
6   c = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED,
7                       ssl_version=ssl.PROTOCOL_SSLv3, ca_certs='ca.crt',
8                       certfile='user.crt', keyfile='user.key')
9   c.connect((constants.server_addr, constants.port))

I have 2 questions about this:

  1. Where do we specify the server/port to which we are connecting? Are these arguments to socket.socket()?
  2. I have a .p12 from which I extracted a cert and a key in PEM format (see this question), and I assume that these correspond to user.crt and user.key (line 8), respectively. However, while I assume that ca.crt (line 7) is retrieved from the certificate authority, how do I retrieve it?

If any part of the above code or my assumptions about it are incorrect, please let me know. Thanks!

Upvotes: 0

Views: 4579

Answers (1)

Mattie B

Reputation: 21269

  1. Server address and port are specified as part of the socket address in line 9, specified as the parameter to connect.

  2. Generally, you've acquired the CA certificate via some out-of-band method, then saved it locally. Linux systems generally have a bundle of certificates for well-known, trusted CAs available under /etc/ssl/certs or similar.

Upvotes: 2
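The same client written against Python 3's `ssl.SSLContext`, as an added example that is not part of the original question or answer: it shows where the CA file, the client certificate and key, and the host and port each go, and enforces hostname checking and a TLS 1.2 floor instead of SSLv3. The host `server.example` and port 4433 are hypothetical; the file names are the ones from the question.

```python
import socket
import ssl


def build_mtls_context(ca_file=None, cert_file=None, key_file=None):
    """Client context: verify the server against ca_file, present cert_file/key_file."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSLv3 from the question is obsolete
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)  # trust only this CA (ca.crt)
    else:
        ctx.load_default_certs()  # fall back to the system CA bundle
    if cert_file is not None:
        # Client certificate and private key (user.crt / user.key)
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def connect_mtls(host, port, ctx, timeout=10.0):
    """Open a TCP connection to (host, port) and run the TLS handshake over it."""
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname is the name the server certificate is checked against
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":
    # Hypothetical host and port; file names taken from the question
    ctx = build_mtls_context("ca.crt", "user.crt", "user.key")
    with connect_mtls("server.example", 4433, ctx) as tls:
        print(tls.version(), tls.getpeercert()["subject"])
```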
