
classification
Title: ssl.wrap_socket fails on Windows 7 when specifying ca_certs
Type: Stage:
Components: Windows Versions: Python 3.4
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: Nosy List: David.M.Noriega, christian.heimes, josh.r
Priority: normal Keywords:

Created on 2014-06-23 19:11 by David.M.Noriega, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (4)
msg221373 - (view) Author: David M Noriega (David.M.Noriega) Date: 2014-06-23 19:11
When trying to use the python3-ldap package on Windows 7, I found I could not get a TLS connection to work and traced it to its use of ssl.wrap_socket. Trying out the following simple socket test fails:

import socket
import ssl
sock = socket.socket()
sock.connect(("host.name", 636))
# assign to sock, not ssl: rebinding the name ssl shadows the module (matches the traceback below)
sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=r"C:path\to\cert\file")
Traceback (most recent call last):
  File "<pyshell#4>", line 1, in <module>
    sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=r"F:\Downloads\csbc-cacert.pem")
  File "C:\Python34\lib\ssl.py", line 888, in wrap_socket
    ciphers=ciphers)
  File "C:\Python34\lib\ssl.py", line 511, in __init__
    self._context.load_verify_locations(ca_certs)
ssl.SSLError: unknown error (_ssl.c:2734)

This code works on Windows XP (and of course Linux) and I'm able to use getpeercert().

A workaround I was able to figure out was to use ssl.SSLContext in conjunction with Windows central certificate store. By first loading my CA cert into the trusted root cert store, I could use SSLContext.load_default_certs() to create an ssl socket.
msg221389 - (view) Author: Josh Rosenberg (josh.r) * (Python triager) Date: 2014-06-24 01:05
Are you 100% sure your CA file is in the precise PEM format required by Python for CA certs, as described in https://docs.python.org/3/library/ssl.html#ssl-certificates ?

The most likely cause of your failure and success would be if you were using some other cert format that Windows could load that wasn't PEM.

Also, side-note, you messed up your path when you attempted to anonymize it (you omitted the backslash after C:). Of course, you didn't anonymize it in the error output, so I can tell the original path was not messed up.
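The two threads above, the SSLContext/platform-store workaround from msg221373 and the "is it really PEM?" question from msg221389, can be tied together in a small helper. The following is an added example, not code from this ticket, from CPython or from python3-ldap; the host name, port and the sample file contents are constructed assumptions, and load_verify_locations is only ever handed an explicit CA file, so the system store is not silently trusted alongside it.

```python
import socket
import ssl
import tempfile
from pathlib import Path

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def detect_cert_encoding(data: bytes) -> str:
    """Classify certificate bytes as 'pem', 'der' or 'unknown'.

    SSLContext.load_verify_locations(cafile=...) accepts PEM only, so a DER
    file (the default export format of the Windows certificate snap-in)
    fails with a bare SSLError instead of a useful message.
    """
    if PEM_MARKER in data:
        return "pem"
    # A DER certificate is an ASN.1 SEQUENCE (tag 0x30) with a long-form
    # length; 0x82/0x83 cover the sizes real certificates have.
    if data[:2] in (b"\x30\x82", b"\x30\x83"):
        return "der"
    return "unknown"


def ensure_pem(data: bytes) -> bytes:
    """Return PEM bytes, converting DER with the stdlib helper when needed."""
    kind = detect_cert_encoding(data)
    if kind == "pem":
        return data
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data).encode("ascii")
    raise ValueError("file is neither PEM nor DER encoded")


def make_context(ca_file=None) -> ssl.SSLContext:
    """Build a verifying client context.

    With ca_file only that bundle is trusted. Without it the platform store
    is used (on Windows the central certificate store), which is the
    workaround described in the ticket.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file is None:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    else:
        ctx.load_verify_locations(cafile=str(ca_file))
    return ctx


def diagnose_ca_file(path) -> str:
    """Explain why a CA file does not load instead of surfacing the raw error."""
    kind = detect_cert_encoding(Path(path).read_bytes())
    try:
        make_context(path)
    except ssl.SSLError as exc:
        return f"load failed ({exc.reason or exc}); detected encoding: {kind}"
    return f"loaded OK; detected encoding: {kind}"


def connect_tls(host, port=636, ca_file=None, timeout=10):
    """Open a verified TLS connection (LDAPS port assumed) and return the peer cert."""
    ctx = make_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def write_temp(data: bytes) -> str:
    """Write constructed sample bytes to a temporary file and return its path."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".crt") as fh:
        fh.write(data)
        return fh.name


if __name__ == "__main__":
    # Constructed sample: a file that is not a certificate at all.
    print(diagnose_ca_file(write_temp(b"not a certificate\n")))
```

Run diagnose_ca_file against the file you passed as ca_certs; a result of "detected encoding: der" points at an export-format problem rather than at the Windows ssl module, and ensure_pem gives you bytes you can write back out as a PEM bundle.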
msg221468 - (view) Author: David M Noriega (David.M.Noriega) Date: 2014-06-24 15:25
Oops, that's what I get for running with scissors.

Yes, the cert file is in PEM format. It's the same file in use on my LDAP server and all my servers and workstations that authenticate against it. I have an existing Python 2.x script using the python-ldap module (different from python3-ldap) that uses this exact same file and works correctly.

I've tested the socket code above on Python 2 and 3 and it works on my Linux systems and on Windows XP. I only get this error on a Windows 7 system.
msg275032 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-09-08 14:57
The ticket hasn't been updated in two years.
History
Date                 User               Action   Args
2022-04-11 14:58:05  admin              set      github: 66029
2016-09-08 14:57:53  christian.heimes   set      status: open -> closed; resolution: out of date; messages: + msg275032
2014-06-24 15:25:17  David.M.Noriega    set      messages: + msg221468
2014-06-24 01:05:29  josh.r             set      nosy: + josh.r; messages: + msg221389
2014-06-23 20:00:37  ned.deily          set      nosy: + christian.heimes
2014-06-23 19:11:02  David.M.Noriega    create