This code snippet throws exception below:
ctx = create_default_context()
co = open_connection(ip, port, family = AF_INET, ssl = ctx,
server_hostname = host)
yield from co
Throws:
- ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:598)
- Or sometimes "Unknown CA"
I'm using Debian Unstable. Infact, this worked fine before HeartBleed.
After disclosure of HeartBleed I began to get this exception for some sites.
And now I get it for all sites. Situation is same for both 3.4 and 3.4.1.rc1.
May it be a combination of:
- Mass certificate renewals around the net
- Lack of proper CA certificates on Debian during this period
- Bugs related to updates on OpenSsl, gnutls, etc
- Bugs in between python and openssl
- An Asyncio issue
- etc, etc.. ?
Your comments and experiences are welcome..
Regards, Imran
Traceback (most recent call last):
File "/_/_/_/xyz.py", line 666, in Open
return (yield from co)
File "/usr/lib/python3.4/asyncio/streams.py", line 61, in open_connection
lambda: protocol, host, port, **kwds)
File "/usr/lib/python3.4/asyncio/base_events.py", line 437, in
create_connection
sock, protocol_factory, ssl, server_hostname)
File "/usr/lib/python3.4/asyncio/base_events.py", line 453, in
_create_connection_transport
yield from waiter
File "/usr/lib/python3.4/asyncio/futures.py", line 348, in __iter__
yield self # This tells Task to wait for completion.
File "/usr/lib/python3.4/asyncio/tasks.py", line 370, in _wakeup
value = future.result()
File "/usr/lib/python3.4/asyncio/futures.py", line 243, in result
raise self._exception
File "/usr/lib/python3.4/asyncio/selector_events.py", line 598, in
_on_handshake
self._sock.do_handshake()
File "/usr/lib/python3.4/ssl.py", line 805, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
failed (_ssl.c:598)
