[Twisted-Python] SSL problem
sflist at ihonk.com
Thu Dec 21 21:55:14 EST 2006
On Thu, 2006-12-21 at 11:04 -0500, Jean-Paul Calderone wrote:
> You have two pieces of data which are yours - your private key and your
> certificate (which is a csr signed by RapidSSL). The client needs (at
> least) one more piece of information, though - RapidSSL's certificate.
I found it here:
At least, I believe that's right, since despite some looking around, I'm
not sure how to verify by hand that my cert was signed by that CA. (I
played with openssl verify but it gave the OK to my cert without
pointing it at RapidSSL's root cert file, so I don't know that it's
doing what I want.) I've attached my cert in case you're interested.
> Try this. Put RapidSSL's certificate into a file, subclass
> DefaultOpenSSLContextFactory, override cacheContext, and on self._context,
> call use_certificate_chain_file with the name of the file you put RapidSSL's
> certificate into.
> This causes the server to include it in the handshake which is often
> required for clients to accept your certificate as valid.
Okay, I tried that...
...and nothing at all would connect to it. But read on...
> At some point, I think connectionLost for SSL connections was adjusted
> so that the SSL exception would be available. However, the important
> information is going to be on the client side <snip>
So based on this information, I whipped up a Twisted SSL client to hit
it to see what's wrong, and it tossed this out:
2006/12/21 20:36 CST [POP3Client,client] Traceback (most recent call
Failure: OpenSSL.SSL.Error: [('SSL routines', 'SSL3_READ_BYTES',
'sslv3 alert handshake failure'), ('SSL routines', 'SSL3_WRITE_BYTES',
'ssl handshake failure')]
Not sure if that's informative enough to suggest a next step!
Thanks for your help,
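
Added example, not part of the original message or of Twisted: one way to check by hand that a certificate was signed by a given CA, with a negative control against an unrelated CA, plus a check that a chain file leads with the certificate matching the server key (OpenSSL's use_certificate_chain_file expects the server's own certificate first, then its issuer). The CAs, file names, subjects and helper function names are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs and one server certificate.
# Every file name and subject below is made up for this example.

make_ca() {    # make_ca <prefix> <common-name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_leaf() {  # make_leaf <prefix> <ca-prefix> <common-name>
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# True only if <cert> verifies against <ca-cert>. The printed "OK" is
# checked rather than relying on the exit status alone.
signed_by() {  # signed_by <cert> <ca-cert>
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Hash of the public key in the FIRST certificate of a PEM file, and of
# the public key derived from a private key; equal hashes mean they pair.
cert_pubkey_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
key_pubkey_hash()  { openssl pkey -in "$1" -pubout | openssl sha256; }

# A usable chain file starts with the certificate matching the server key.
chain_matches_key() {  # chain_matches_key <chain.pem> <server.key>
    [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

work=$(mktemp -d) && cd "$work" || exit 1
make_ca ca "Demo Issuing CA"
make_ca other "Unrelated CA"
make_leaf server ca "mail.example.test"
cat server.pem ca.pem > chain.pem          # leaf first, then its issuer

signed_by server.pem ca.pem     && echo "server.pem was signed by ca.pem"
signed_by server.pem other.pem  || echo "server.pem was NOT signed by other.pem"
chain_matches_key chain.pem server.key && echo "chain.pem leads with the server cert"
chain_matches_key ca.pem server.key    || echo "a CA-only file does not match the server key"
```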