Dustin Oprea added the comment:

I think I was getting mixed results by using requests and urllib2/3. After 
nearly being driven crazy, I performed the following steps:

1. Recreated client certificates, and verified that the correct CA was being 
used from Nginx.

2. Experimented using an SSL-wrapped client-socket directly, in tandem with 
s_client.

3. I then removed all of my virtualhosts except for a new one that pointed to a 
flat directory, just to make sure that I wasn't activating the wrong 
virtualhost, and there weren't any other complexities.

4. Implemented a bona fide, signed, SSL certificate on my local system, and 
overrode the hostname using /etc/hosts.

5. This got me past the 400. I switched back to using my local hostname with my 
self-signed certificate, and told wrap_socket to not verify (at this point, I 
stopped checking with s_client).

6. I started reactivating all of my normal virtualhost includes, one include at 
a time.

7. Reverted back to using the standard, proprietary client, and verified that 
it worked.

I'm guessing that a) something happened to my original certificates, b) I 
might've had an incorrect CA certificate for authentication, and/or c) I had 
added a default virtualhost on the non-standard port that I am using that 
always returns Forbidden, and this might've been unexpectedly catching the 
wrong requests.

Since I verified my client certificates against my internal issuer in the 
beginning, I don't think it's (a) or (b).

I could've done without these problems. I can't even say what started it all.

----------
nosy: +dsoprea

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22835>
_______________________________________