Python server j2me client ssl socket handshake error

karzem karol.zemanek at gmail.com
Mon Jul 31 16:00:48 EDT 2006


I am trying to write a simple MIDlet in Java to connect to my server,
which monitors processes on my PC. I've written almost everything, and
now I've spent 4 days trying to set up a connection between them.
Without SSL everything works fine.
Here is a fragment of my server program:

import socket
from OpenSSL import SSL

def verify_cb(conn, cert, errnum, depth, ok):
    # Called by pyOpenSSL for each certificate the peer presents
    print 'Got certificate: %s' % cert.get_subject()
    return ok

HOST =  "192.168.1.30"
PORT = 5007              # Arbitrary non-privileged port
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ctx = SSL.Context(SSL.SSLv3_METHOD)         # SSLv3 only
ctx.set_verify(SSL.VERIFY_NONE, verify_cb)  # no client certificate requested
ctx.use_certificate_file('server.pem')      # certificate and key in one PEM file
ctx.use_privatekey_file('server.pem')
ss = SSL.Connection(ctx,s)
ss.bind((HOST, PORT))
from src.xmlFunc import validateXml

while True :
    ss.listen(1)
    conn, addr = ss.accept()
    print 'Connected by', addr
    while True :
        # The SSL handshake runs on the first recv()
        _data = conn.recv(1024)
        print _data
        if not _data: break
        _data = "<request><type>req_auth</type></request>"
        conn.send(_data)
    conn.close()

In my client Java application:

SecureConnection socket =
(SecureConnection)Connector.open("ssl://192.168.1.30:5007",Connector.READ_WRITE);

When I run the server and client programs, the client stops on the line
above. The server accepts the connection, and when I debug the next line
I get an error:
[('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure') ,
('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')]

What I know is that when I use:
openssl s_client -connect 192.168.1.30:5007 -ssl3
the output is:
 CONNECTED(00000003)
depth=0 /C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
verify return:1
---
Certificate chain
 0 s:/C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
   i:/C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
---
Server certificate
subject=/C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
issuer=/C=PL/ST=slaskie/L=pszczyna/O=Internet Widgits Pty Ltd/CN=aloha
---
No client certificate CA names sent
---
SSL handshake has read 985 bytes and written 329 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Session-ID:
BB7FEA77B05B6B52C7F887D7F55DD2E31022B56CA11A865BDB1D5B008CE8DB1A
Session-ID-ctx:
    Master-Key:
E40115FC6FA4AB99137AE92DFAF811F20E79563846A91410172416FE0324CF253AF82722ED41A56C4C7A9F0B3460F27B
    Key-Arg   : None
   Compression: 1 (zlib compression)
    Start Time: 1154375647
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---

I've read tons of tutorials and still have found nothing that gives me
the solution to this problem.
I have Python 2.4.3 (#2, Apr 27 2006, 14:43:58)
[GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] with OpenSSL 0.9.8a 11 Oct 2005

Can somebody help me... 
Best regards, Charles Zemanek
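
Added example (not part of the original post): a Python 3 parser for the ClientHello that a client sends first, so the protocol version and cipher suites it offers can be compared with what the server accepts (the s_client test above negotiated AES256-SHA over SSLv3). The function names, the server suite sets and the sample bytes are constructed for illustration; it assumes the client's first bytes were captured, for example with a plain TCP listener on the port.

```python
import struct

# OpenSSL names for a few RSA cipher suite ids; extend as needed.
SUITES = {0x0004: "RC4-MD5", 0x0005: "RC4-SHA", 0x000A: "DES-CBC3-SHA",
          0x002F: "AES128-SHA", 0x0035: "AES256-SHA"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def parse_client_hello(data):
    """Return (client_version, [suite ids]) from the first record a client sends."""
    if len(data) < 5:
        raise ValueError("short record header")
    ctype, _maj, _min, rlen = struct.unpack("!BBBH", data[:5])
    if ctype != 22:  # 22 = handshake; an SSLv2-format hello is rejected here
        raise ValueError("not an SSLv3/TLS handshake record")
    body = data[5:5 + rlen]
    if len(body) < max(rlen, 4) or body[0] != 1:  # 1 = ClientHello
        raise ValueError("truncated record or not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32 + 1 + hello[34]  # version, random, session_id length + value
    if len(hello) < pos + 2:
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
    raw = hello[pos + 2:pos + 2 + cs_len]
    if cs_len == 0 or cs_len % 2 or len(raw) != cs_len:
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return VERSIONS.get((hello[0], hello[1]), "unknown"), suites


def shared_suites(data, server_suites):
    """Names of offered suites the server also has, in client preference order."""
    _version, offered = parse_client_hello(data)
    return [SUITES.get(s, hex(s)) for s in offered if s in server_suites]


def sample_hello(version=(3, 0), suites=(0x0004, 0x0005, 0x000A)):
    """Constructed sample ClientHello; not a capture from the poster's client."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (bytes(version) + bytes(32) + b"\x00"      # version, random, no session id
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")  # suites, null compression
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs
```

An empty list from shared_suites() means the two sides have no cipher suite in common, which is one condition under which a server answers with a handshake failure alert.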



