ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed Python
Question
I want to connect to the IRC, using SSL. I write in Python 2.7 . However, for the code below:
HOST = 'chat.freenode.net'
PORT = 7000
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
code = sock.connect_ex((HOST, PORT))
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations('COMODOECCCertificationAuthority.crt')
secure_sock = context.wrap_socket(sock)
PyCharm shows error in line secure_sock = context.wrap_socket(sock) what is wrong?
1 answers
solution1
1 ACCPTED 2017-06-04 17:32:56
context.load_verify_locations('COMODOECCCertificationAuthority.crt')
I don't know what is in the file COMODOECCCertificationAuthority.crt but it looks like you expecting a certificate signed by Comodo. But, the issuer for the certificate of chat.freenode.net is Let's Encrypt and not Comodo. You can get the chain for example with
$ openssl s_client -connect chat.freenode.net:7000
...
Certificate chain
0 s:/CN=cherryh.freenode.net
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
This means the root CA you need to trust is 'DST Root CA X3'. You can download the certificate for this CA here . If you add this as trusted in load_verify_locations it works.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.