Hi, thanks for the answer, I solved the issue, the problem was in pem certificate not in requests library, it didn't had all the necessary keychain certificates (thats what this error was about: "error 20 at 0 depth lookup:unable to get local issuer certificate"). After adding all the necessary certificates I was able to connect to the server.
On 14 June 2014 12:15, Veres-Szentkiralyi Andras <[email protected]> wrote: > The first thing I'd do would be sniffing the network traffic with > Wireshark or tcpdump and look for differences between using the .pfx and > the .pem file. Even though we're speaking of an encrypted connecton, the > negotiation happens in plain, so you should be able to spot the problem. > > Two things that might cause the problem: > - missing SNI (look for it in the Client Hello packet, Python 2 > unfortunately has no support for it, and maybe the server expects is) > - using the PEM for server certificate verification, not as a client > certificate > > Could you post a short example on how you tried it with requests? > Do the PEM file contain both a PRIVATE KEY and a CERTIFICATE part? > > Cheers, > András Veres-Szentkirályi > > On Thu, Jun 12, 2014 at 05:48:53PM +0300, Bostan Constantin wrote: > > Hi, I'm developing a system in python that uses suds with requests > library > > to connect to a server over https with a given certificate in .pem > format. > > I had noticed that server respond to my connection with: "400 The SSL > > certificate error" although if I connect to the server using an installed > > locally .pfx certificate it connects without any errors. The .pem file > > used in the system was obtained from that working .pfx file using openssl > > command line: "openssl pkcs12 -in certificate.pfx -out certificate.pem > > -nodes". I had tried to connect using another library: urllib2 and still > > the same problem. When I verify my generated .pem file using "openssl > > verify certificate.pem" I'm obtaining the following error: "error 20 at 0 > > depth lookup:unable to get local issuer certificate". Therefore my > > questions are: > > > > Maybe I'm using the wrong library or certificate format to connect to the > > server. Does anyone have a demo code or a certificate example? And how to > > solve this bug: "error 20 at 0 depth lookup:unable to get local issuer > > certificate", is there a command line to solve this certificate bug ? > > > > Have a nice day. >
_______________________________________________ Soap mailing list [email protected] https://mail.python.org/mailman/listinfo/soap
