0

I am trying to connect to an HTTPS WS with a python client using PEM file and httplib

here is the code 

# HTTPS connection with python
#!/usr/bin/env python

import httplib , urllib 

CERTFILE = 'path_to_pem_file'
hostname = 'IP_address:Port_number'

headers = {"Content-type": "application/x-www-form-urlencoded","Accept": "text/plain"}

Json_data = {
    "amountTransaction": {
        some json data .. 
    }
}

params = urllib.urlencode(Json_data)

conn = httplib.HTTPSConnection(
    hostname,
    key_file = CERTFILE,
    cert_file = CERTFILE 
)


conn.request("POST", '/url_to_call', params, headers)



print conn.getreponse().read()

print response.status, response.reason
conn.close()

but I am receiving the following errror, 

SSLError: [Errno 336265225] _ssl.c:354: error:140B0009:SSL        
routines:SSL_CTX_use_PrivateKey_file:PEM lib

could you please check what's wrong

Mohamed Ali JAMAOUI
  • 14,275
  • 14
  • 73
  • 117

1 Answers1

1

cert_file and key_file are used for client authentication against the server and must contain the certificate and the matching private key. I would interpret the error message, that either there is no key in the PEM file, it does not match the certificate or it is password protected and thus cannot be read.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • thanks for answering, I only have a BEGIN CERTIFICATE entry in the file. I don't have a private key. Is it possible to have the authentication work without a private key – Mohamed Ali JAMAOUI Aug 19 '14 at 10:45
  • No. If you want to authenticate yourself you not only need the certificate (which is public) but also the key (which only you should have). But, are you sure that you want to have client authentication at all instead of only verifying that the server is the correct one? – Steffen Ullrich Aug 19 '14 at 12:16
  • how may I do the verification in python httplib? – Mohamed Ali JAMAOUI Aug 19 '14 at 12:25
  • see http://stackoverflow.com/questions/6648952/urllib-and-validation-of-server-certificate. More comfortable to use is the [requests library](http://www.python-requests.org/). – Steffen Ullrich Aug 19 '14 at 12:32
  • Is there a way to implement this validation in httplib since I don't cannot install the requests library on my desktop – Mohamed Ali JAMAOUI Aug 19 '14 at 12:55
  • Yes, and [this](http://stackoverflow.com/questions/6648952/urllib-and-validation-of-server-certificate) is the same link as in my previous comment. – Steffen Ullrich Aug 19 '14 at 13:14