Weil es ein eigenes ist, hole ich mir das erstmal vom Server und speichere das. Aber will nicht:
Code: Alles auswählen
#!/usr/bin/env python3
# coding: utf-8
import ssl
import http
SERVER_ADDR = "heise.de"
CERT_FILE = "%s.pem" % SERVER_ADDR
def download_cert(server_addr, cert_file):
# fetches the server’s certificate as a PEM-encoded string
pem_cert = ssl.get_server_certificate((SERVER_ADDR, 443))
with open(CERT_FILE, "w") as f:
f.write(pem_cert)
def verify_cert1(server_addr, cert_file):
context = ssl.SSLContext(
ssl.PROTOCOL_TLSv1
# ssl.PROTOCOL_SSLv23
)
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations(cert_file)
conn = http.client.HTTPSConnection(server_addr, 443, context=context)
conn.request("GET", "/")
response = conn.getresponse()
return response
def verify_cert2(server_addr, cert_file):
conn = http.client.HTTPSConnection(server_addr, 443, cert_file=cert_file)
conn.request("GET", "/")
response = conn.getresponse()
return response
print("fetches certificate from %r..." % SERVER_ADDR)
download_cert(SERVER_ADDR, CERT_FILE)
print("certificate saved into %r" % CERT_FILE)
print("verify %r certificate..." % SERVER_ADDR)
response1 = verify_cert1(SERVER_ADDR, CERT_FILE)
print(response1)
response2 = verify_cert2(SERVER_ADDR, CERT_FILE)
print(response2)
print("OK")
Code: Alles auswählen
conn.request("GET", "/")
File "/usr/lib/python3.3/http/client.py", line 1065, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python3.3/http/client.py", line 1103, in _send_request
self.endheaders(body)
File "/usr/lib/python3.3/http/client.py", line 1061, in endheaders
self._send_output(message_body)
File "/usr/lib/python3.3/http/client.py", line 906, in _send_output
self.send(msg)
File "/usr/lib/python3.3/http/client.py", line 844, in send
self.connect()
File "/usr/lib/python3.3/http/client.py", line 1206, in connect
server_hostname=server_hostname)
File "/usr/lib/python3.3/ssl.py", line 245, in wrap_socket
_context=self)
File "/usr/lib/python3.3/ssl.py", line 345, in __init__
raise x
File "/usr/lib/python3.3/ssl.py", line 341, in __init__
self.do_handshake()
File "/usr/lib/python3.3/ssl.py", line 548, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:550)
Bei heise.de und verify_cert2 gibt's das:
Code: Alles auswählen
conn = http.client.HTTPSConnection(server_addr, 443, cert_file=cert_file)
File "/usr/lib/python3.3/http/client.py", line 1190, in __init__
context.load_cert_chain(cert_file, key_file)
ssl.SSLError: [SSL] PEM lib (_ssl.c:2154)