yak
Reputation: 3940
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed Python
I want to connect to the IRC, using SSL. I write in Python 2.7. However, for the code below:
HOST = 'chat.freenode.net'
PORT = 7000
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
code = sock.connect_ex((HOST, PORT))
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations('COMODOECCCertificationAuthority.crt')
secure_sock = context.wrap_socket(sock)
PyCharm shows error in line secure_sock = context.wrap_socket(sock) what is wrong?
Upvotes: 0
Views: 1194
Answers (1)
Steffen Ullrich
Reputation: 123531
context.load_verify_locations('COMODOECCCertificationAuthority.crt')
I don't know what is in the file COMODOECCCertificationAuthority.crt but it looks like you expecting a certificate signed by Comodo. But, the issuer for the certificate of chat.freenode.net is Let's Encrypt and not Comodo. You can get the chain for example with
$ openssl s_client -connect chat.freenode.net:7000
...
Certificate chain
0 s:/CN=cherryh.freenode.net
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
This means the root CA you need to trust is 'DST Root CA X3'. You can download the certificate for this CA here. If you add this as trusted in load_verify_locations it works.
Upvotes: 1
Related Questions
- ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)
- Python requests SSL error - certificate verify failed
- Python - Certificate verify failed
- Python SSL CERTIFICATE_VERIFY_FAILED
- SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
- SSL error : routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
- SSLError Certificate verified failed
- Python SSL error CERTIFICATE_VERIFY_FAILED
- Python:[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:646)
- How to solve SSL certificate error