user3055017

Reputation: 67

Python ssl default context throws bad file descriptor error

I have a very strange issue with the ssl library in Python.

My Python version is 3.5.2.

All I'm doing is running the following three lines of code:

import ssl
ssl_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain(certfile=r'C:\_del\publicCert.pem', 
                            keyfile=r'C:\_del\privateKey.pem')

Calling the last line throws an error:

OSError: [Errno 9] Bad file descriptor

I was trying to find information on the ssl library and the "Bad file descriptor" error, but all I found were issues where a connection was already established. I think in my case, it must have something to do either with the settings or the files themselves, since when I call create_default_context and load_cert_chain there's no connection to the server yet.

My certificate/key files have the following structure:

privateKey.pem

Bag Attributes
localKeyID: ...
friendlyName: ...

Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: ...
DEK-Info: ...
...key content...
-----END RSA PRIVATE KEY-----

publicCert.pem

Bag Attributes
localKeyID: ...
friendlyName: ...
subject=...
issuer=...
-----BEGIN CERTIFICATE-----
... certificate content ...
-----END CERTIFICATE-----

Has anyone encountered such an issue? Is it possible that the certificate I'm using is not compatible with the OpenSSL version (0.9.8r)? The certificate uses the SHA256 algorithm.

Additional information: When I'm using openssl and try to verify the certificate PEM file:
openssl verify C:\_del\certfile.pem
I'm getting the following error:
error 20 at 0 depth lookup:unable to get local issuer certificate

Upvotes: 0

Views: 2242

Answers (1)

user1274193

Reputation: 1164

I encountered this issue myself, and couldn't find any answers online. Finally, I figured it out.

If you open your key file, and either:

  1. The first line looks like this: -----BEGIN ENCRYPTED PRIVATE KEY-----
  2. The Proc-Type contains the string Encrypted (which may be the case for OP, although he didn't tell us the Proc-Type)

...Then you must provide the password argument to the load_cert_chain() call in order to decrypt the private key. If you don't supply a password, you can get the Bad file descriptor error.

Upvotes: 1
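
The check described in the answer, written out as an added example (not code from the question or the answer): it detects either form of encrypted PEM key before load_cert_chain() is called and fails with a clear message when no password was given. The helper names key_is_encrypted and load_chain are hypothetical, and the sample key text is constructed to match the file layout shown in the question.

```python
import re

# BEGIN line of any PEM private-key block; group 1 is the label.
_BEGIN_KEY = re.compile(r"^-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----$")

# Constructed sample shaped like the question's privateKey.pem (not a real key).
SAMPLE_KEY = (
    "Bag Attributes\n"
    "Key Attributes: <No Attributes>\n"
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n"
    "\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def key_is_encrypted(pem_text):
    """Return True if the first private-key block in pem_text is encrypted."""
    lines = iter(pem_text.splitlines())
    for line in lines:  # skips "Bag Attributes" and similar preamble
        match = _BEGIN_KEY.match(line.strip())
        if not match:
            continue
        if match.group(1) == "ENCRYPTED PRIVATE KEY":  # PKCS#8 form
            return True
        # Traditional form: "Name: value" headers follow BEGIN directly and
        # end at the first blank line; base64 body lines contain no colon.
        for header in lines:
            name, sep, value = header.partition(":")
            if not sep:
                return False
            if name.strip().lower() == "proc-type":
                return "ENCRYPTED" in value.upper()
        return False
    raise ValueError("no PEM private key block found")


def load_chain(context, certfile, keyfile, password=None):
    """Call context.load_cert_chain(), refusing an encrypted key without a password."""
    with open(keyfile, "r", encoding="ascii", errors="replace") as fh:
        encrypted = key_is_encrypted(fh.read())
    if encrypted and password is None:
        # Without password=, the ssl docs say OpenSSL prompts interactively.
        raise ValueError("%s is encrypted; pass password=" % keyfile)
    context.load_cert_chain(certfile=certfile, keyfile=keyfile, password=password)
    return encrypted
```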
