
I am trying to create a TLS connection with a server. My simple script is below. However, when I run it, I get this error:

    Traceback (most recent call last):
      File "tls_client.py", line 28, in <module>
        sslSocket.connect((domain, 443))
      File "C:\Python36\lib\ssl.py", line 1100, in connect
        self._real_connect(addr, False)
      File "C:\Python36\lib\ssl.py", line 1091, in _real_connect
        self.do_handshake()
      File "C:\Python36\lib\ssl.py", line 1068, in do_handshake
        self._sslobj.do_handshake()
      File "C:\Python36\lib\ssl.py", line 689, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)

The script:

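    import socket, ssl

    domain = 'www.google.com'  # host to connect to
    # Client-side TLS context
    context = ssl.SSLContext(protocol = ssl.PROTOCOL_TLS_CLIENT)
    # Offer a single TLS 1.2 cipher suite
    context.set_ciphers('ECDHE-RSA-AES128-GCM-SHA256')
    context.verify_mode = ssl.CERT_OPTIONAL
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # server_hostname sets SNI and the name checked against the certificate
    sslSocket = context.wrap_socket(s, server_hostname = 'www.google.com')
    # The TLS handshake runs as part of connect()
    sslSocket.connect((domain, 443))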

What is the cause of the problem? I tried a couple of websites like www.verisign.com but I also get the same error.

EDIT: I do not want to turn verify_mode off. I need it on. I think google.com and verisign.com have verifiable certificates.

EDIT 2: Based on a solution in the link provided, I ran `pip install certifi`, then tried to run this command in the Windows command line but got an error:

    >/Applications/Python\ 3.6/Install\ Certificates.comman
    '/Applications/Python\' is not recognized as an internal or external command,
    operable program or batch file.
user9371654
  • You don't want the accepted answer there (which is for a cross-platform Python 2.7 problem, rather than the Windows-specific 3.x problem, and explains how to do exactly what you don't want to do); scroll down to the Windows-specific answer, currently ranked third. (They really shouldn't all be piled into a single question like that, but…) – abarnert Apr 10 '18 at 23:51
  • You can also probably use the Mac solution (currently ranked second) even though you're not on a Mac, but you'll need to `pip install certifi` instead of finding it pre-installed. – abarnert Apr 10 '18 at 23:54
  • If you want to understand more about what's going on, see [here](https://stackoverflow.com/a/27826829/908494). (The details in that answer will not apply to you, but the way Steffen Ullrich gathered those details, and what they mean, are very similar.) – abarnert Apr 10 '18 at 23:56
  • I ran `pip install certifi` but it didn't help. – user9371654 Apr 11 '18 at 00:02
  • Just installing `certifi` won't do anything; you have to use `certifi` the way the linked answer describes after installing it. – abarnert Apr 11 '18 at 00:14
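
An added example, not part of the question or its comments: a context created with `ssl.SSLContext(...)` starts with no CA certificates loaded, so chain verification has nothing to anchor to, and the sketch below reports that state and builds the same context with trust anchors loaded while keeping verification on. The function names are this example's own, and passing `certifi.where()` as `cafile` assumes `certifi` is installed.

```python
import socket
import ssl


def question_context():
    """Context built the way the question's script builds it: no CA certificates loaded."""
    ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers('ECDHE-RSA-AES128-GCM-SHA256')
    ctx.verify_mode = ssl.CERT_OPTIONAL  # on a client this behaves like CERT_REQUIRED
    return ctx


def verified_context(cafile=None):
    """Same settings plus trust anchors: a CA bundle file if given, else the OS store."""
    ctx = question_context()
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)  # e.g. certifi.where()
    else:
        ctx.load_default_certs()  # Windows system store / OpenSSL default paths
    return ctx


def trust_report(ctx):
    """Summarise the settings that decide whether the handshake can verify a chain."""
    return {
        'verify_mode': ctx.verify_mode.name,
        'check_hostname': ctx.check_hostname,
        'ca_certs_loaded': ctx.cert_store_stats()['x509_ca'],
    }


def fetch_peer_subject(host, ctx, port=443, timeout=10):
    """Connect, let the handshake verify chain and hostname, return the peer subject."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()['subject']


if __name__ == '__main__':
    print('as in the question:', trust_report(question_context()))
    print('with trust anchors:', trust_report(verified_context()))
    # Needs network access; raises ssl.SSLError if the chain cannot be verified.
    print(fetch_peer_subject('www.google.com', verified_context()))
```

`cert_store_stats()` does not count certificates that sit in a `capath` directory until they have been used, so a count of 0 after `load_default_certs()` on such a system does not by itself mean the store is empty.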
