In Python, I'm writing a simple FTP server and client that I want to secure with TLS. For that, I use the TLS/SSL wrapper offered by Python.
My problem is that I always get the following error at the moment the client runs socket.connect:
Exception has occurred: SSLCertVerificationError [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123) File "/work/Python/hsireportClient/hsireportClient.py", line 167, in f_socket.connect(f_server)
This is how I start listening on the server side:
from socketserver import ThreadingTCPServer
from app.mod_report.controlersTCP import tcpRequestHandler
import ssl
...
sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
sslcontext.load_cert_chain('/work/Python/hoaReport/ssl/hoizey_net.crt','/work/Python/hoaReport/ssl/certificat.key')
f_listen = ('0.0.0.0', 6667) # TODO: make the port a setting stored in the database
f_server=ThreadingTCPServer(f_listen, tcpRequestHandler)
f_server.socket=sslcontext.wrap_socket(f_server.socket, server_side=True)
f_server.serve_forever()
and how I connect to the server on the client side:
from os import path
from socket import socket, AF_INET, SOCK_STREAM, IPPROTO_TCP, TCP_NODELAY
from ssl import SSLContext, PROTOCOL_TLS_CLIENT, CERT_REQUIRED
from certifi import where as certifi_where
...
# Create the SSL context
f_context = SSLContext(PROTOCOL_TLS_CLIENT)
f_context.verify_mode=CERT_REQUIRED
f_context.load_verify_locations(cafile=path.relpath(certifi_where()), capath=None, cadata=None)
# Open the socket and connect to the server
f_socket=socket(AF_INET, SOCK_STREAM)
f_socket=f_context.wrap_socket(f_socket, server_hostname=f_serverHost)
f_serverPort=int(f_serverPort)
f_server=(f_serverHost, f_serverPort)
f_socket.setsockopt(IPPROTO_TCP, TCP_NODELAY, 1)
f_socket.setblocking(True)
f_socket.connect(f_server)
My server certificate has been signed by Comodo, and I checked the CA root certificate exists in the file certifi.where() points to.
Of course, everything works fine if I remove the SSL wrapper.
I searched a lot about this problem, and I noticed it occurs quite frequently, but I couldn't find a solution, and I have to admit I don't understand what goes wrong.
Please, can anybody help with this?
Thanks a lot.
With the help of Steffen Ullrich, I managed to get my certificates working as expected.
I just had to add all the intermediary certificates to my certificate file and that did the job.
Thanks a lot for your help.