New submission from David M Noriega:
When trying to use python3-ldap package on Windows 7, found I could not get a
TLS connection to work and traced it to its use of ssl.wrap_socket. Trying out
the following simple socket test fails
import socket
import ssl
sock = socket.socket()
sock.connect(("host.name", 636))
ssl = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED,
ca_certs=r"C:path\to\cert\file")
Traceback (most recent call last):
File "<pyshell#4>", line 1, in <module>
sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED,
ca_certs=r"F:\Downloads\csbc-cacert.pem")
File "C:\Python34\lib\ssl.py", line 888, in wrap_socket
ciphers=ciphers)
File "C:\Python34\lib\ssl.py", line 511, in __init__
self._context.load_verify_locations(ca_certs)
ssl.SSLError: unknown error (_ssl.c:2734)
This code works on Windows XP(and of course linux) and I'm able to use
getpeercert()
A workaround I was able to figure out was to use ssl.SSLContext in conjunction
with Windows central certificate store. By first loading my CA cert into the
trusted root cert store, I could use SSLContext.load_default_certs() to create
an ssl socket.
----------
components: Windows
messages: 221373
nosy: David.M.Noriega
priority: normal
severity: normal
status: open
title: ssl.wrap_socket fails on Windows 7 when specifying ca_certs
versions: Python 3.4
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue21830>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
