CODEWITHSUNDEEP
pythonsslhttpsssl-certificate
Lunchbox
Lunchbox

Reputation: 2156

SSL verification python server/python

I am trying to write an https server and client. I have created a CA along with a private key and a self signed certificate for testing.

Here is my test server:

#!/usr/bin/env python

import socket, os
from SocketServer import BaseServer
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
from SimpleHTTPServer import SimpleHTTPRequestHandler
from OpenSSL import SSL

CERTIFICATE_PATH = os.getcwd() + '/CA/cacert.pem'
KEY_PATH = os.getcwd() + '/CA/private/key.pem'


class SecureHTTPServer(HTTPServer):
    def __init__(self, server_address, HandlerClass):
        BaseServer.__init__(self, server_address, HandlerClass)
        ctx = SSL.Context(SSL.SSLv23_METHOD)

        ctx.use_privatekey_file(KEY_PATH)
        ctx.use_certificate_file(CERTIFICATE_PATH)

        self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))

        self.server_bind()
        self.server_activate()

class MemberUpdateHandler(SimpleHTTPRequestHandler):
    def setup(self):
        self.connection = self.request
        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)

    def do_GET(self):
        try:
            print 'path:', self.path
            print self.path.endswith('.txt')
            if self.path.endswith('.txt'):
                self.send_response(200)
                self.send_header('Content-type', 'text/html')
                self.end_headers()
                self.wfile.write("successful")
                return
            else:
                self.send_response(200)
                self.send_header('Content-type', 'text/html')
                self.end_headers()
                self.wfile.write("not successful")
        except IOError:
            self.send_error(404, 'What you talking about willis?')


def test(HandlerClass = MemberUpdateHandler,
         ServerClass = SecureHTTPServer):
    server_address = ('', 4242)
    httpd = ServerClass(server_address, HandlerClass)
    sa = httpd.socket.getsockname()
    print "serving HTTPS on:", sa[0], "port:", sa[1], "..."
    httpd.serve_forever()

if __name__ == '__main__':
    test()

and my simple client:

#!/usr/bin/env python

import os
import httplib
import socket

KEY_FILE = os.getcwd() + '/CA/private/key.pem'
CERT_FILE = os.getcwd() + '/CA/certs/01.pem'
GET = "GET"


conn = httplib.HTTPSConnection('0.0.0.0', '4242', cert_file = CERT_FILE)

conn.request(GET, "/this.txt")
response = conn.getresponse()
print response.status, response.reason, response.read()

conn.close()

My problem arises when I try to add the cert_file = CERT_FILE if I remove that from the call, it works. But I don't think I am getting the validation I want.

Here is the error I get when trying:

On the server side:

Exception happened during processing of request from ('127.0.0.1', 55283)
Traceback (most recent call last):
File "/usr/lib/python2.6/SocketServer.py", line 281, in _handle_request_noblock
  self.process_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 307, in process_request
  self.finish_request(request, client_address)
File "/usr/lib/python2.6/SocketServer.py", line 320, in finish_request
  self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.6/SocketServer.py", line 615, in __init__
  self.handle()
File "/usr/lib/python2.6/BaseHTTPServer.py", line 329, in handle
  self.handle_one_request()
File "/usr/lib/python2.6/BaseHTTPServer.py", line 312, in handle_one_request
 self.raw_requestline = self.rfile.readline()
File "/usr/lib/python2.6/socket.py", line 406, in readline
 data = self._sock.recv(self._rbufsize)
Error: [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]

And from the client:

File "HTTPSClient.py", line 19, in <module>
conn.request(GET, "/this.txt")
File "/usr/lib/python2.6/httplib.py", line 910, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.6/httplib.py", line 947, in _send_request
self.endheaders()
File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
self._send_output()
File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
self.send(msg)
File "/usr/lib/python2.6/httplib.py", line 735, in send
self.connect()
File "/usr/lib/python2.6/httplib.py", line 1112, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib/python2.6/ssl.py", line 350, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib/python2.6/ssl.py", line 113, in __init__
cert_reqs, ssl_version, ca_certs)
ssl.SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

What file am I supposed to send there? I have a CA certificate, a signed certificate and a private key. The documentation I have been able to find is quite sparse.

Upvotes: 0

Views: 2885

Answers (1)

Victor Ronin
Victor Ronin

Reputation: 23268

Based on this [documentation][1] 

class httplib.HTTPSConnection(host[, port[, key_file[, cert_file[, strict[, timeout[, source_address]]]]]])
A subclass of HTTPConnection that uses SSL for communication with secure servers. Default port is 443. key_file is the name of a PEM formatted file that contains your private key. cert_file is a PEM formatted certificate chain file.

**Warning This does not do any verification of the server’s certificate.**

I am not sure (not experienced with Python), but I believe key_file and cert_file are for client side authentication.

And you can take a look at this link regarding certificate validation: http://code.activestate.com/recipes/577548-https-httplib-client-connection-with-certificate-v/

Upvotes: 2

Related Questions