Das deutsche Python-Forum

Seit 2002 Diskussionen rund um die Programmiersprache Python
https://www.python-forum.de/

HTTPS und Zertifikat...

https://www.python-forum.de/viewtopic.php?t=33356

Seite 1 von 1

HTTPS und Zertifikat...

Verfasst: Freitag 28. Februar 2014, 16:56
von jens
Ich versuche gerade eine HTTPS Verbindung zu einem Server aufzubauen. Natürlich möchte ich dabei auch das Zertifikat überprüfen...
Weil es ein eigenes ist, hole ich mir das erstmal vom Server und speichere das. Aber will nicht:

Code: Alles auswählen

#!/usr/bin/env python3
# coding: utf-8

import ssl
import http


SERVER_ADDR = "heise.de"
CERT_FILE = "%s.pem" % SERVER_ADDR


def download_cert(server_addr, cert_file):
    # fetches the server’s certificate as a PEM-encoded string
    pem_cert = ssl.get_server_certificate((SERVER_ADDR, 443))

    with open(CERT_FILE, "w") as f:
        f.write(pem_cert)


def verify_cert1(server_addr, cert_file):
    context = ssl.SSLContext(
        ssl.PROTOCOL_TLSv1
#         ssl.PROTOCOL_SSLv23
    )
    context.verify_mode = ssl.CERT_REQUIRED
    context.load_verify_locations(cert_file)
    conn = http.client.HTTPSConnection(server_addr, 443, context=context)

    conn.request("GET", "/")
    response = conn.getresponse()
    return response


def verify_cert2(server_addr, cert_file):
    conn = http.client.HTTPSConnection(server_addr, 443, cert_file=cert_file)
    conn.request("GET", "/")
    response = conn.getresponse()
    return response

print("fetches certificate from %r..." % SERVER_ADDR)
download_cert(SERVER_ADDR, CERT_FILE)
print("certificate saved into %r" % CERT_FILE)


print("verify %r certificate..." % SERVER_ADDR)
response1 = verify_cert1(SERVER_ADDR, CERT_FILE)
print(response1)

response2 = verify_cert2(SERVER_ADDR, CERT_FILE)
print(response2)
print("OK")
Bei heise.de und verify_cert1 gibt's das:

Code: Alles auswählen

    conn.request("GET", "/")
  File "/usr/lib/python3.3/http/client.py", line 1065, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python3.3/http/client.py", line 1103, in _send_request
    self.endheaders(body)
  File "/usr/lib/python3.3/http/client.py", line 1061, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python3.3/http/client.py", line 906, in _send_output
    self.send(msg)
  File "/usr/lib/python3.3/http/client.py", line 844, in send
    self.connect()
  File "/usr/lib/python3.3/http/client.py", line 1206, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python3.3/ssl.py", line 245, in wrap_socket
    _context=self)
  File "/usr/lib/python3.3/ssl.py", line 345, in __init__
    raise x
  File "/usr/lib/python3.3/ssl.py", line 341, in __init__
    self.do_handshake()
  File "/usr/lib/python3.3/ssl.py", line 548, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:550)
Egal, ob mit ssl.PROTOCOL_TLSv1 oder ssl.PROTOCOL_SSLv23

Bei heise.de und verify_cert2 gibt's das:

Code: Alles auswählen

    conn = http.client.HTTPSConnection(server_addr, 443, cert_file=cert_file)
  File "/usr/lib/python3.3/http/client.py", line 1190, in __init__
    context.load_cert_chain(cert_file, key_file)
ssl.SSLError: [SSL] PEM lib (_ssl.c:2154)
Alle Zeiten sind UTC+01:00
Seite 1 von 1

Powered by phpBB® Forum Software © phpBB Limited

Deutsche Übersetzung durch phpBB.de