Re: Secure ssl connection with wrap_socket



On Jul 5, 4:52 am, Andrea Di Mario <anddima...@xxxxxxxxx> wrote:
Hi, I'm a new Python user and I'm writing a small web service with ssl.
I want to use a self-signed certificate like in the wiki: http://docs.python.org/dev/library/ssl.html#certificates
I've used wrap_socket, but if I try to use
cert_reqs=ssl.CERT_REQUIRED, it doesn't work with error:

urllib2.URLError: <urlopen error _ssl.c:326: No root certificates
specified for verification of other-side certificates.>

It works only with CERT_NONE (the default) but with this option I
could access the service in insecure mode.

Have you some suggestions for my service?


Also specify some root certificates to use in verifying the peer's
certificate. Certificate verification works by proceeding from a
collection of "root" certificates which are explicitly trusted. These
are used to sign other certificates (which may in turn be used to sign
others, which in turn...). The process of certificate verification is
the process of following the signatures from the certificate in use by
the server you connect to back up the chain until you reach a root
which you have either decided to trust or not. If the signatures are
all valid and the root is one you trust, then you have established a
connection to a trusted entity. If any signature is invalid, or the
root is not one you trust, then you have not.

The root certificates are also called the "ca certificates" or
"certificate authority certificates". `wrap_socket` accepts a
`ca_certs` argument. See http://docs.python.org/library/ssl.html#ssl-certificates
for details about that argument.

Jean-Paul
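
The failure and the fix discussed in this thread, as an added example that is not part of the original messages. It uses `ssl.SSLContext`, because the module-level `ssl.wrap_socket` was removed in Python 3.12; `load_verify_locations(cafile=...)` plays the role of the `ca_certs` argument. The helper names are hypothetical, and the throwaway certificate is constructed on the spot with the `openssl` command-line tool, which is assumed to be installed.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(directory, host="localhost"):
    """Constructed throwaway certificate, made with the openssl CLI (assumed installed)."""
    cert, key = os.path.join(directory, "cert.pem"), os.path.join(directory, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", "/CN=" + host,
                    "-addext", "subjectAltName=DNS:" + host,
                    "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key

def client_context(ca_file=None):
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking, but the
    # trust store starts empty: the same state as CERT_REQUIRED without ca_certs.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file:
        # A self-signed certificate is its own root, so it is the file to trust.
        ctx.load_verify_locations(cafile=ca_file)
    return ctx

def handshake(ctx, cert, key, host="localhost"):
    """Handshake once with a local one-shot server; report the client's verdict."""
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.load_cert_chain(cert, key)
    listener = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = listener.accept()
        try:
            server_ctx.wrap_socket(conn, server_side=True).close()
        except OSError:  # includes ssl.SSLError when the client rejects the cert
            conn.close()
    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    try:
        with socket.create_connection(listener.getsockname()) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "verified"
    except ssl.SSLCertVerificationError as exc:
        return "rejected: " + exc.verify_message
    finally:
        worker.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_self_signed(tmp)
        print("no roots loaded     :", handshake(client_context(), cert, key))
        print("cert as its own root:", handshake(client_context(cert), cert, key))
```

Only the certificate file is handed to the client; the private key stays with the server.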