1

Possible Duplicate:
Implementing Transport Layer Security in Python - Simple Mail Client

I keep getting this error...

ssl.SSLError: [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

...in a simple mail client assignment which is to open a connection with a google smtp server. The problem almost certainly seems to be in the way I am forming the ssl.wrap_socket() method here....

 clientSocket = socket(AF_INET, SOCK_STREAM)
  ssl_clientSocket = ssl.wrap_socket(clientSocket,
          ca_certs = '/etc/ssl/certs/ca.pm',
          cert_reqs = ssl.CERT_REQUIRED)
  ssl_clientSocket.connect((mailserver, port))

.. but I can't really figure out exactly what the problem is, and I'm really not sure which .pm file to use in /etc/ssl/certs. I'm using ca.pm because I've seen it done that way in a few tutorials. Here is the remainder of the code for good measure....

from socket import *
import certifi
import ssl

msg = "\r\n I love computer networks!"
endmsg = "\r\n.\r\n"

# Choose a mail server (e.g. Google mail server) and call it mailserver
mailserver = "smtp.gmail.com"
port = 587

# Create socket called clientSocket and establish a TCP connection with mailserver
clientSocket = socket(AF_INET, SOCK_STREAM)
ssl_clientSocket = ssl.wrap_socket(clientSocket, 
        ca_certs = '/etc/ssl/certs/ca.pm',
        cert_reqs = ssl.CERT_REQUIRED) 
ssl_clientSocket.connect((mailserver, port))

###################################################################
print "got to here 1"
###############################################################

recv = ssl_clientSocket.recv(1024)
print
print recv

# If the first three numbers of what we receive from the SMTP server are not
# '220', we have a problem
if recv[:3] != '220':
    print '220 reply not received from server.'

# Send HELO command and print server response.
heloCommand = 'HELO Alice\r\n'
ssl_clientSocket.send(heloCommand)
recv1 = ssl_clientSocket.recv(1024)
print recv1

######################################################################
print "Got to here 2"
#####################################################################

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv1[:3] != '250':
    print '250 reply not received from server.'

# Send MAIL FROM command and print server response.
mailFromCommand = 'MAIL From: wgimson@gmail.com\r\n'
ssl_clientSocket.send(mailFromCommand)
recv2 = ssl_clientSocket.recv(1024)
print recv2

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv2[:3] != '250':
    print '250 reply not received from server.'

# Send RCPT TO command and print server response.
rcptToCommand = 'RCPT To: macyali@gmail.com\r\n'
ssl_clientSocket.send(rcptToCommand)
recv3 = ssl_clientSocket.recv(1024)
print recv3

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv3[:3] != '250':
    print '250 reply not received from server.'

# Send DATA command and print server response.
dataCommand = 'DATA\r\n'
ssl_clientSocket.send(dataCommand)
recv4 = ssl_clientSocket.recv(1024)
print recv4

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv4[:3] != '250':
    print '250 reply not received from server.'

# Send message data.
ssl_clientSocket.send(msg)

# Message ends with a single period.
ssl_clientSocket.send(endmsg)

# Send QUIT command and get server response.
quitCommand = 'QUIT\r\n'
ssl_clientSocket.send(quitCommand)
recv5 = ssl_clientSocket.recv(I1024)
print recv5

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv5[:3] != '221':
    print '221 reply not received from server.'
Community
  • 1
  • 1

1 Answers1

1
  • the error might be caused by a typo: '/etc/ssl/certs/ca.pm' -> '/etc/ssl/certs/ca.pem' i.e., the system can't find ca.pm file
  • '/etc/ssl/certs/ca.pem' doesn't contain necessary CA certs.

You could download cacert.pem from http://curl.haxx.se/ca/cacert.pem (it is more current) or use ca_certs = certifi.where() (I see import certifi in your code), example:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import smtplib
import socket
import ssl
import sys
from email.header    import Header
from email.mime.text import MIMEText
from getpass         import getpass

import certifi # $ pip install certifi

login, password = 'user@gmail.com', getpass('Gmail password:')
ca_certs = certifi.where()
##ca_certs = 'cacert.pem' # $ wget http://curl.haxx.se/ca/cacert.pem


class SMTP_SSL(smtplib.SMTP_SSL):
    """Add support for additional ssl options."""
    def __init__(self, host, port=0, **kwargs):
        self.ssl_kwargs = kwargs.pop('ssl_kwargs', {})
        self.ssl_kwargs['keyfile'] = kwargs.pop('keyfile', None)
        self.ssl_kwargs['certfile'] = kwargs.pop('certfile', None)
        smtplib.SMTP_SSL.__init__(self, host, port, **kwargs)

    def _get_socket(self, host, port, timeout):
        if self.debuglevel > 0:
            print>>sys.stderr, 'connect:', (host, port)
        new_socket = socket.create_connection((host, port), timeout)
        new_socket = ssl.wrap_socket(new_socket, **self.ssl_kwargs)
        self.file = smtplib.SSLFakeFile(new_socket)
        return new_socket

# create message
msg = MIMEText('message body…', _charset='utf-8')
msg['Subject'] = Header('subject…', 'utf-8')
msg['From'] = login
msg['To'] = login

# send it via gmail
s = SMTP_SSL('smtp.gmail.com', timeout=10,
             ssl_kwargs=dict(cert_reqs=ssl.CERT_REQUIRED,
                             ssl_version=ssl.PROTOCOL_SSLv3,
                             ca_certs=ca_certs))
s.set_debuglevel(1) # enable debug output
try:
    s.login(login, password)
    s.sendmail(msg['From'], msg['To'], msg.as_string())
finally:
    s.quit()
jfs
  • 399,953
  • 195
  • 994
  • 1,670