How to set / find the ca_certs argument in Python ssl.wrap_socket()

I am trying to write a Python 2.7 script that connects to a server via an SSL or TLS socket. The server exists and can provide its certificate, etc.

I found the following code:

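    import socket
    import ssl

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Require a server certificate that chains to a CA listed in the ca_certs file
    ssl_sock = ssl.wrap_socket(s, ca_certs="/etc/ca_certs_file", cert_reqs=ssl.CERT_REQUIRED)
    ssl_sock.connect((serverName, portNumber))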

I do not understand what the ca_certs argument is. Is it assumed that this is a file that currently exists on my computer? If so, how do I know where it is? I looked at my Linux computer (Raspberry Pi with Debian) and found many .pem files in the /etc/ssl/cert directory. Should I set the ca_certs argument to one of them? If so, which one should I choose? If not, what should I install?

+4
1 answer

It turns out that the cert file is a file that should already exist in the OS, and which contains a concatenated list of root (and/or intermediate? Not sure about this) certificates that the OS trusts. In my case, on Raspberry Pi Debian, this is /etc/ssl/certificates/ca-certificates.crt

If you have certificates that you want to trust, you can add them to this file using the Linux update-ca-certificates command. This will read the file /etc/ca-certificates.conf, which should contain a list of certificates that you want to trust (by default it will try to find these certificates in /usr/share/ca-certificate).

+5
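An added example (not part of the original question or answer) that asks Python itself where the OS trust bundle is instead of guessing a path, and counts the certificates concatenated in it. It uses `ssl.create_default_context` (Python 2.7.9 and later), which also checks the server's host name, something `ssl.wrap_socket` with `CERT_REQUIRED` alone does not do. The function names and the sample bundle text are made up for this illustration.

```python
import os
import re
import socket
import ssl

# Constructed two-entry bundle (placeholder bodies, not real certificates).
SAMPLE_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQx\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQy\n-----END CERTIFICATE-----\n"
)
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def find_ca_bundle():
    """Return the CA bundle file this Python's OpenSSL uses, or None."""
    paths = ssl.get_default_verify_paths()
    # cafile honours the environment override and is None when the file is
    # missing; openssl_cafile is the compiled-in default location.
    for candidate in (paths.cafile, paths.openssl_cafile):
        if candidate and os.path.isfile(candidate):
            return candidate
    return None


def count_pem_certs(pem_text):
    """Count the certificates concatenated in a PEM bundle."""
    return len(PEM_CERT.findall(pem_text))


def verifying_context(cafile=None):
    """Context that checks the chain (cafile or OS store) and the host name."""
    return ssl.create_default_context(cafile=cafile)


def connect_verified(host, port, cafile=None):
    """Open a TLS connection that fails on an untrusted chain or wrong name."""
    sock = socket.create_connection((host, port), timeout=10)
    return verifying_context(cafile).wrap_socket(sock, server_hostname=host)


if __name__ == "__main__":
    bundle = find_ca_bundle()
    print("CA bundle: %s" % bundle)
    if bundle:
        with open(bundle, "rb") as fh:
            text = fh.read().decode("utf-8", "replace")
        print("certificates in bundle: %d" % count_pem_certs(text))
```

The path printed by `find_ca_bundle()` is the value to pass as `ca_certs` (or `cafile`); leaving `cafile` as `None` makes the context load the OS defaults on its own.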