I'm writing a simple server for a class and there is a 'creative' component, so I want to add SSL to it. I'm trying to wrap the connection in an SSLSocket, but I get two different errors that I can't make out. The first happens with Safari when I try to wrap the socket, and I get:
Traceback (most recent call last):
File "./junk.py", line 12, in <module>
connstream = ssl.wrap_socket(connected_socket,certfile="cert.pem",keyfile="cert.pem",server_side=True,cert_reqs=ssl.CERT_NONE,ssl_version=ssl.PROTOCOL_TLSv1,suppress_ragged_eofs=True)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 372, in wrap_socket
ciphers=ciphers)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 134, in __init__
self.do_handshake()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 296, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [Errno 8] _ssl.c:503: EOF occurred in violation of protocol
When Safari tells the user that the certificate isn't valid (I created a self-signed cert via the command: openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem
), and then once I tell it that the cert is alright, the next time it goes through.
However, with Firefox, I get a completely different error, and it happens when I try to read what the client (Firefox) sent to the server:
Traceback (most recent call last):
File "./junk.py", line 13, in <module>
recieved = connstream.read()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 151, in read
return self._sslobj.read(len)
ssl.SSLError: [Errno 1] _ssl.c:1354: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Below is the code that I used:
1 #!/usr/bin/python
2 import socket
3 import ssl
4
5 serverPort = 22222
6 serverSocket = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
7 serverSocket.bind( ( '127.0.0.1', serverPort ) )
8 serverSocket.listen( 10 )
9
10 while True:
11 connected_socket, from_addr = serverSocket.accept()
12 connstream = ssl.wrap_socket(connected_socket,certfile="cert.pem",keyfile="cert.pem",server_side=True,cert_reqs=ssl.CERT_NONE,ssl_version=ssl.PROTOCOL_TLSv1,suppress_ragged_eofs=True)
13 recieved = connstream.read()
14 print recieved
15 connstream.unwrap()
16 connected_socket.close()
Can anyone help me understand:
1) What these errors mean
2) Why I'm getting them
3) How I can go about fixing these
(I've searched in just about every way I can think of)
Thanks,
Andrew