Tuesday, March 29, 2016

SSL Context for older python version

By Hường Hana 9:00 PM , , , , Leave a Comment

I have a code as below :

headers = {'content-type': 'ContentType.APPLICATION_XML'} uri = "www.client.url.com/hit-here/" clientCert = "path/to/cert/abc.crt" clientKey = "path/to/key/abc.key" PROTOCOL = ssl.PROTOCOL_TLSv1 context = ssl.SSLContext(PROTOCOL) context.load_default_certs() context.load_cert_chain(clientCert, clientKey) conn = httplib.HTTPSConnection(uri, some_port, context=context)

I am not really a network programmer, so i did some googling for handshake connection and found ssl.SSLContext(PROTOCOL) as the needed function, code works fine.

Then i hit the roadblock, my local has version 2.7.10 but all the production boxes have 2.7.3 with them, so SSLContext is not supported and upgrading python version is not an option / in control.

I tried reading ssl — SSL wrapper for socket objects but couldn't make sense out of it.

what i tried (in vain) :

s_ = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s = ssl.wrap_socket(s_, keyfile=clientKey, certfile=clientCert, cert_reqs=ssl.CERT_REQUIRED) new_conn = s.connect((uri, some_port))

but returns : 

SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)')

Question - how to generate SSL Context on older version so as to have a secure https connection?

2 Answers

Answers 1

You have to specify the ca_certs file (which should point to trust store)

Answers 2

I've got the perfect solution using the requests library. The requests library has got to be my favorite library I've ever used, cause it takes something in Python that is inherently difficult to do -- SSL and REST requests -- and makes it unbelievably simple. I checked out their version support and Python 2.6+ is supported.

Here is an example of how to use their library.

>>> requests.get(uri)

And that is all you have to do. The requests library takes care of establishing a ssl connection.

Taking this one step farther. If you need to persist cookies between requests, you can do so like this.

>>> sess = requests.Session() >>> credentials = {"username": "user",                     "password": "pass"} >>> sess.post("https://some-website/login", params=credentials) <Response [200]> >>> sess.get("https://some-website/a-backend-page").text <html> the backend page... </html>

Edit: If you need to, you can also pass in the path to the certificate and the key like so requests.get(uri, cert=('path/to/cert/abc.crt', 'path/to/key/abc.key'))

Now hopefully you can convince them to install the requests library on the production boxes, cause it would be well worth it. Let me know if this works out for you.

If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment