[issue21830] ssl.wrap_socket fails on Windows 7 when specifying ca_certs

David M Noriega report at bugs.python.org
Mon Jun 23 21:11:02 CEST 2014


New submission from David M Noriega:

When trying to use the python3-ldap package on Windows 7, I found I could not get a TLS connection to work and traced it to its use of ssl.wrap_socket. Trying out the following simple socket test fails:

import socket
import ssl
sock = socket.socket()
sock.connect(("host.name", 636))
# Assign to sock, as in the traceback; rebinding the name ssl would shadow the module.
sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=r"C:path\to\cert\file")
Traceback (most recent call last):
  File "<pyshell#4>", line 1, in <module>
    sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=r"F:\Downloads\csbc-cacert.pem")
  File "C:\Python34\lib\ssl.py", line 888, in wrap_socket
    ciphers=ciphers)
  File "C:\Python34\lib\ssl.py", line 511, in __init__
    self._context.load_verify_locations(ca_certs)
ssl.SSLError: unknown error (_ssl.c:2734)

This code works on Windows XP (and of course Linux), and I'm able to use getpeercert().

A workaround I was able to figure out was to use ssl.SSLContext in conjunction with Windows central certificate store. By first loading my CA cert into the trusted root cert store, I could use SSLContext.load_default_certs() to create an ssl socket.

----------
components: Windows
messages: 221373
nosy: David.M.Noriega
priority: normal
severity: normal
status: open
title: ssl.wrap_socket fails on Windows 7 when specifying ca_certs
versions: Python 3.4

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21830>
_______________________________________
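
The workaround described in the report, as an added example (not code from the reporter or from CPython): a client context that tries the CA file first and, on the ssl.SSLError seen in the traceback, falls back to the system trust store with load_default_certs(), keeping CERT_REQUIRED and hostname checking on either path. The function names and the returned "source" label are assumptions for illustration; host.name, port 636 and the CA path are the placeholders from the report.

```python
import socket
import ssl


def build_verifying_context(cafile=None):
    """Return (context, source); source is "cafile" or "system-store".

    Verification is never relaxed: PROTOCOL_TLS_CLIENT sets CERT_REQUIRED
    and check_hostname=True, and neither is changed on the fallback path.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile is not None:
        try:
            ctx.load_verify_locations(cafile=cafile)
            return ctx, "cafile"
        except ssl.SSLError:
            # The failure mode from the report: OpenSSL rejects the file.
            # A missing file raises OSError instead and is left to propagate.
            pass
    # Fallback widens trust from one CA to every root in the OS store,
    # so the caller is told which source is in effect and can log or refuse.
    ctx.load_default_certs()
    return ctx, "system-store"


def connect_verified(host, port, ctx, timeout=10):
    """Open a TLS connection and return the validated peer certificate."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Placeholder path and host from the report; requires network access.
    context, source = build_verifying_context(r"C:path\to\cert\file")
    print("trust source:", source)
    print(connect_verified("host.name", 636, context))
```

The returned source label matters because the fallback changes what is trusted: a deployment that pins a single private CA may prefer to fail closed rather than accept any root in the OS store.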

