The first thing I'd do would be sniffing the network traffic with Wireshark or tcpdump and look for differences between using the .pfx and the .pem file. Even though we're speaking of an encrypted connecton, the negotiation happens in plain, so you should be able to spot the problem.
Two things that might cause the problem: - missing SNI (look for it in the Client Hello packet, Python 2 unfortunately has no support for it, and maybe the server expects is) - using the PEM for server certificate verification, not as a client certificate Could you post a short example on how you tried it with requests? Do the PEM file contain both a PRIVATE KEY and a CERTIFICATE part? Cheers, András Veres-Szentkirályi On Thu, Jun 12, 2014 at 05:48:53PM +0300, Bostan Constantin wrote: > Hi, I'm developing a system in python that uses suds with requests library > to connect to a server over https with a given certificate in .pem format. > I had noticed that server respond to my connection with: "400 The SSL > certificate error" although if I connect to the server using an installed > locally .pfx certificate it connects without any errors. The .pem file > used in the system was obtained from that working .pfx file using openssl > command line: "openssl pkcs12 -in certificate.pfx -out certificate.pem > -nodes". I had tried to connect using another library: urllib2 and still > the same problem. When I verify my generated .pem file using "openssl > verify certificate.pem" I'm obtaining the following error: "error 20 at 0 > depth lookup:unable to get local issuer certificate". Therefore my > questions are: > > Maybe I'm using the wrong library or certificate format to connect to the > server. Does anyone have a demo code or a certificate example? And how to > solve this bug: "error 20 at 0 depth lookup:unable to get local issuer > certificate", is there a command line to solve this certificate bug ? > > Have a nice day. _______________________________________________ Soap mailing list [email protected] https://mail.python.org/mailman/listinfo/soap
