1

I have the following simple python code, which is intended to perform an ssl handshake and validate certificates between a client and server:

ssl_test.py:

    import ssl
    import socket
    import constants  # the poster's own module providing server_addr and port

    s = socket.socket()
    print "connecting..."
    #logging.debug("Connecting")
    # Connect with SSL mutual authentication
    # We only trust our server's CA, and it only trusts user certificates signed by it
    c = ssl.wrap_socket(s, cert_reqs=ssl.CERT_REQUIRED,
                        ssl_version=ssl.PROTOCOL_SSLv3, ca_certs='ca.crt',
                        certfile='user.crt', keyfile='user.key')
    c.connect((constants.server_addr, constants.port))

When I execute this, I get the following error.

    >python ssl_test.py
    Traceback (most recent call last):
      File "ssl_test.py", line 12, in <module>
        c.connect(('192.168.1.82', 7070))
      File "C:\Python27\lib\ssl.py", line 331, in connect
        self._real_connect(addr, False)
      File "C:\Python27\lib\ssl.py", line 314, in _real_connect
        self.ca_certs, self.ciphers)
    ssl.SSLError: [Errno 0] _ssl.c:340: error:00000000:lib(0):func(0):reason(0)

What does this error mean, and how do I resolve it?

ewok

2 Answers

3

This looks like http://bugs.python.org/issue2687, where the following answer is given:

No, the problem is with your "ca_certs" argument on the client side. You can't use a directory. You must use a file containing a number of concatenated certificates. I'll beef up the documentation to make that clearer.

I see that your ca_certs is a file, not a directory, but perhaps this still sheds some light. Is the ca.crt file validly formatted and in the right place?

the paul
  • it may have been malformed. not sure how this happened, but I downloaded the cert directly from the server (I have ssh access) and used that one, and was able to make it work. thanks! – ewok May 17 '12 at 17:44
  • @ewok, you can check [this question](http://stackoverflow.com/q/10095676/372643) if you need a more general list of CA certificates. – Bruno May 17 '12 at 18:18
2

I am new to Python and ended up on this trail after doing a search for the original ssl.SSLError. I know this doesn't help the original poster, but it may help others with this error. Most of the Python examples use:

    ca_certs="/etc/ca_certs_file"

Since this file doesn't exist, you get this error. To use the system CA certificates on most recent versions of Linux use:

    ca_certs="/etc/ssl/certs/ca-certificates.crt"
wdschei
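
A pre-flight check for the causes named in the two answers above (a `ca_certs` path that does not exist, is a directory, or does not hold valid PEM certificates), as an added Python 3 example that is not code from the question or from either answer. The function name `check_ca_bundle` and its result strings are assumptions made for illustration.

```python
import os
import ssl
import sys

PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def check_ca_bundle(path):
    """Return (ok, detail) for a file meant to be passed as ca_certs / cafile."""
    if not os.path.exists(path):
        # Second answer: a placeholder path copied from an example.
        return False, "missing: no such file"
    if os.path.isdir(path):
        # First answer: ca_certs must be a file, not a directory.
        return False, "directory: expected one file of concatenated PEM certificates"

    # A DER-encoded or truncated download has no PEM header at all.
    with open(path, "r", errors="replace") as fh:
        blocks = fh.read().count(PEM_MARKER)
    if blocks == 0:
        return False, "no-pem: file contains no PEM certificate blocks"

    # Let OpenSSL parse the file the same way the real connection would,
    # but without opening a socket, so the failure is attributed to the file.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, "unloadable: %s" % exc

    loaded = ctx.cert_store_stats()["x509"]
    return True, "ok: %d certificate(s) loaded from %d PEM block(s)" % (loaded, blocks)


if __name__ == "__main__":
    # Usage: python check_ca_bundle.py ca.crt [more paths...]
    failed = False
    for candidate in sys.argv[1:]:
        ok, detail = check_ca_bundle(candidate)
        print("%s: %s" % (candidate, detail))
        failed = failed or not ok
    sys.exit(1 if failed else 0)
```

Running this against the trust file before connecting turns the opaque `reason(0)` failure into a message that names the file problem.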