Python SSL Server SSLSocket SSLError when accessed via Safari and Firefox
I'm writing a simple server for a class, and there is a "creative" component, so I want to add SSL to it. I am trying to bind a connection in SSLSocket, but I am getting two different errors that I cannot parse. The first happens with Safari when I try to wrap a socket and I get:
Traceback (most recent call last):
  File "./junk.py", line 12, in <module>
    connstream = ssl.wrap_socket(connected_socket,certfile="cert.pem",keyfile="cert.pem",server_side=True,cert_reqs=ssl.CERT_NONE,ssl_version=ssl.PROTOCOL_TLSv1,suppress_ragged_eofs=True)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 372, in wrap_socket
    ciphers=ciphers)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 134, in __init__
    self.do_handshake()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 296, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 8] _ssl.c:503: EOF occurred in violation of protocol
When Safari informs the user that the certificate is not valid (I created a self-signed certificate via the command:) openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.pem
and then when I say that the certificate is ok, the next time I view it,
However, with Firefox, I get a completely different error, and this happens when I try to read what the client (Firefox) has sent to the server:
Traceback (most recent call last):
  File "./junk.py", line 13, in <module>
    recieved = connstream.read()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 151, in read
    return self._sslobj.read(len)
ssl.SSLError: [Errno 1] _ssl.c:1354: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Below is the code I used:
1 #!/usr/bin/python
2 import socket
3 import ssl
4
5 serverPort = 22222
6 serverSocket = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
7 serverSocket.bind( ( '127.0.0.1', serverPort ) )
8 serverSocket.listen( 10 )
9
10 while True:
11     connected_socket, from_addr = serverSocket.accept()
12     connstream = ssl.wrap_socket(connected_socket,certfile="cert.pem",keyfile="cert.pem",server_side=True,cert_reqs=ssl.CERT_NONE,ssl_version=ssl.PROTOCOL_TLSv1,suppress_ragged_eofs=True)
13     recieved = connstream.read()
14     print recieved
15     connstream.unwrap()
16     connected_socket.close()
Can someone help me understand:
1) What do these errors mean
2) Why do I get them
3) How can I fix these
(I've searched for everything I can think of)
Thanks,
Andrew
Sorry I cannot comment yet: this is not intended to be answered.
Why always reinvent the wheel? I mean, if you want something python based, why not use Tornado? By the way, you can see how they solve this problem: http://www.tornadoweb.org/documentation/httpserver.html
People always seem to reinvent the wheel either for "educational purposes" or because existing solutions are too "bloated," "heavy," and so on. (well, to sum up "Not Invented Here"). It's a shame because the same thing happens over and over, usually in the wrong way.
Safari just doesn't honor the handshake, of course, because your certificate is self-signed. Firefox simply won't accept your certificate because it is self-signed. These errors are normal: the user must accept a "trusted" connection in the browser. Meanwhile, your server is receiving no response or rejection.
Take a look at Tornado to see how they deal with it. But I really think you are better off learning it, using it and contributing to it, rather than creating a completely new, dilapidated http server.
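An added example, not part of the original question or answer: a Python 3 version of the accept loop that treats the two failures from the tracebacks (EOF during the handshake, and a TLS alert on the first read) as per-connection events instead of letting them end the server. It uses ssl.SSLContext because ssl.wrap_socket was removed in Python 3.12; the function names are hypothetical, and cert.pem is assumed to be the self-signed file created with the openssl command in the question.

```python
import socket
import ssl


def make_server_context(certfile="cert.pem", keyfile="cert.pem"):
    """Server-side TLS context loading the self-signed pair from the question."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def handle_client(ctx, raw_sock, timeout=5.0):
    """Handshake and read once; return (status, detail) instead of raising."""
    raw_sock.settimeout(timeout)  # a stalled client cannot block the loop
    try:
        conn = ctx.wrap_socket(raw_sock, server_side=True)
    except (ssl.SSLError, OSError) as exc:
        # Safari traceback: the client dropped the connection mid-handshake
        # (for example while showing its certificate warning).
        raw_sock.close()
        return ("handshake_failed", str(exc))
    try:
        return ("ok", conn.recv(4096))
    except (ssl.SSLError, OSError) as exc:
        # Firefox traceback: the client's alert (unknown ca) surfaced on read.
        return ("read_failed", str(exc))
    finally:
        conn.close()


def serve_forever(host="127.0.0.1", port=22222):
    """Accept loop: one rejected handshake no longer stops the server."""
    ctx = make_server_context()
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, port))
    listener.listen(10)
    while True:
        raw_sock, addr = listener.accept()
        status, detail = handle_client(ctx, raw_sock)
        print(addr, status, detail)


if __name__ == "__main__":
    serve_forever()
```

Logging the status per connection also makes it visible when a browser retries after the user accepts the certificate warning.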