[Twisted-Python] twisted.internet.ssl
Enoch W.
ixew at hotmail.com
Wed Oct 25 14:07:26 MDT 2017
Hi,
I am using a self-signed CA to issue server and client(s) certificates.
My server is using the standard Python ssl module.
One client, that is using twisted.internet.ssl, consistently fails to connect with:
On the Server: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:661),
On the Client: [WARNING] [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
This is my code:
path = getModule(__name__).filePath.sibling(u'data')
txt = path.child(u'ca.crt').getContent()
cacert = ssl.Certificate.loadPEM(txt)
root = ssl.trustRootFromCertificates([cacert])
txt = path.child(u'client.pem').getContent()
mycert = ssl.PrivateCertificate.loadPEM(txt)
ctx = ssl.optionsForClientTLS(hostName, trustRoot=root, clientCertificate=mycert)
reactor.connectSSL(hostName, portNumber, factory, ctx)
I am using the latest git trunk code.
With a regular ssl client I don't have an issue.
A known bug?
Thanks, Enoch.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20171025/72d2c32a/attachment.html>
More information about the Twisted-Python
mailing list