python: APNs SSLError

Question

I am trying to send push notifications to iPhone via python as described here but I am getting the following error:

Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/omat/CA/server/ca/models.py", line 193, in push
    c.connect((host_name, 2195))
  File "/usr/lib/python2.6/ssl.py", line 307, in connect
    self.ca_certs)
SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:
  SSL_CTX_use_PrivateKey_file:PEM lib

The error is raised from within the python ssl module as the traceback says but the message doesn't sing to me. Any ideas on what might be wrong?

Thanks,

oMat

edit:

The certificate used is created from the certificate and the private key as follows:

openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12
openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12
cat apns-dev-cert.pem apns-dev-key.pem > apns-dev.pem

Answer 1

I ran into the same error message using PyAPNs. The example says to initiate it like this:

apns = APNs(use_sandbox=True, cert_file='cert.pem', key_file='key.pem')

Turns out the solution to my problem was to include the full system path for each .pem file:

cert_path = os.path.join(os.path.dirname(__file__), 'cert.pem')
key_path = os.path.join(os.path.dirname(__file__), 'key.pem')
apns = APNs(use_sandbox=True, cert_file=cert_path, key_file=key_path)

Answer 2

Here is how I get it working:

From within KeyChain export the following both in p12 format, without giving password:

• Apple Development Push Services certificate as cert.p12
• primary key under Apple Development Push Services as pkey.p12

In terminal go to the directory where you have exported the certificates and convert the p12 files to pem format and concatenate them as follows:

$ openssl pkcs12 -in pkey.p12 -out pkey.pem -nodes -clcerts
$ openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts
$ cat cert.pem pkey.pem > iphone_ck.pem

iphone_ck.pem is the certificate you need.