Geek Answers Handbook

SSL context for older python version

I have a code as below:

headers = {'content-type': 'ContentType.APPLICATION_XML'} uri = "www.client.url.com/hit-here/" clientCert = "path/to/cert/abc.crt" clientKey = "path/to/key/abc.key" PROTOCOL = ssl.PROTOCOL_TLSv1 context = ssl.SSLContext(PROTOCOL) context.load_default_certs() context.load_cert_chain(clientCert, clientKey) conn = httplib.HTTPSConnection(uri, some_port, context=context)

I am not a network programmer, so I did a few searches to establish a connection with a handshake and found ssl.SSLContext(PROTOCOL) as a necessary function, the code works fine.

Then I got to the checkpoint, my local one has version 2.7.10, but all production boxes have 2.7.3 with them, so SSLContext not supported, and updating the python version is not an / option in control.

I tried reading ssl - an SSL wrapper for socket objects , but could not understand.

what I tried (in vain):

 s_ = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s = ssl.wrap_socket(s_, keyfile=clientKey, certfile=clientCert, cert_reqs=ssl.CERT_REQUIRED) new_conn = s.connect((uri, some_port))

but returns:

 SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)')

Question - how to create an SSL context in the old version in order to have a secure https connection?

+7
python ssl sockets sslcontext
source share
2 answers

You must specify the ca_certs file (which should point to the trust store)

0
source share

I have a perfect solution using a query library. The request library is my favorite library I have ever used because Python requires something very complex - SSL and REST requests - and makes it incredibly simple. I checked their version support and supported Python 2.6+.

Here is an example of using their library.

 >>> requests.get(uri)

And that’s all you need. The query library searches for the ssl connection.

Let's take it a step further. If you need to save a cookie between requests, you can do it as follows.

 >>> sess = requests.Session() >>> credentials = {"username": "user", "password": "pass"} >>> sess.post("https://some-website/login", params=credentials) <Response [200]> >>> sess.get("https://some-website/a-backend-page").text <html> the backend page... </html>

Edit: if you need, you can also go along the path to the certificate and key so requests.get(uri, cert=('path/to/cert/abc.crt', 'path/to/key/abc.key'))

Now, I hope you can convince them to install a query library in the production boxes, because it's worth it. Let me know if this works for you.

0
source share

More articles:


All Articles