bad certificate error
jakecjacobson
jakecjacobson at gmail.com
Wed Jul 29 11:07:34 EDT 2009
On Jul 29, 2:08 am, "Gabriel Genellina" <gagsl-... at yahoo.com.ar>
wrote:
> En Tue, 28 Jul 2009 09:02:40 -0300, Steven D'Aprano
> <st... at remove-this-cybersource.com.au> escribió:
>
>
>
> > On Mon, 27 Jul 2009 23:16:39 -0300, Gabriel Genellina wrote:
>
> >> I don't see the point on "fixing" either the Python script or httplib to
> >> accomodate for an invalid server certificate... If it's just for
> >> internal testing, I'd use HTTP instead (at least until the certificate
> >> is fixed).
>
> > In real life, sometimes you need to drive with bad brakes on your car,
> > walk down dark alleys in the bad part of town, climb a tree without a
> > safety line, and use a hammer without wearing goggles. We can do all
> > these things.
>
> > The OP has said that, for whatever reason, he needs to ignore a bad
> > server certificate when connecting to HTTPS. Python is a language where
> > developers are allowed to shoot themselves in the foot, so long as they
> > do so in full knowledge of what they're doing.
>
> > So, putting aside all the millions of reasons why the OP shouldn't accept
> > an invalid certificate, how can he accept an invalid certificate?
>
> Yes, I understand the situation, but I'm afraid there is no way (that I
> know of). At least not without patching _ssl.c; all the SSL negotiation is
> handled by the OpenSSL library itself.
>
> I vaguely remember a pure Python SSL implementation somewhere that perhaps
> could be hacked to bypass all controls. But making it work properly will
> probably require a lot more effort than installing a self signed
> certificate in the server...
>
> --
> Gabriel Genellina
I have it working and I want to thank everyone for their efforts and
very helpful hints. The error was with me and not understanding the
documentation about the cert_file & key_file. After using openssl to
divide up my p12 file into a cert file and a key file using the
instructions http://security.ncsa.uiuc.edu/research/grid-howtos/usefulopenssl.php.
I got everything working.
Again, much thanks.
Jake
More information about the Python-list
mailing list