Comments (7)
I should mention that I get this on the client when running
python safe_tls.py localhost 9000 -a ca.crt
from fopnp.
I wonder why it doesn't like the certificate any more? A more detailed error message from it would have been helpful. I'll see if I can find time soon to take a look. I guess I'll have to install Python 3.7 for the first time!
from fopnp.
I am not sure, and unfortunately that is the whole error message, but here is the full stack trace in case it is useful:
Traceback (most recent call last):
  File "safe_tls.py", line 52, in <module>
    client(args.host, args.port, args.a)
  File "safe_tls.py", line 15, in client
    ssl_sock = context.wrap_socket(raw_sock, server_hostname=host)
  File "REDACTED/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "REDACTED/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "REDACTED/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: invalid CA certificate (_ssl.c:1056)
from fopnp.
So I think I figured out the source of the problem. You are using the CN to verify the domain name, but this has officially been deprecated since 2000 (see RFC 2818)!
To work with Python 3.7 the domain name must be defined in the Subject Alternative Name (SAN) section (i.e. extension) of the certificate.
from fopnp.
FYI: I was able to make this work generating CA and server certs following this blog post: https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
from fopnp.
Wow, thanks for working out the problem! Any interest in opening a pull request to contribute those certificates - were you able to update the certificate generating script to match the new requirements?
from fopnp.
Thanks again for reporting this error. I started a deep dive into the issue yesterday, and this morning have isolated the root cause: the CA was not actually labeled with CA:TRUE in its basicConstraints. I have regenerated the entire stack of certificates atop a new CA (thank goodness I wrote a Makefile, so I didn't need to reconstruct all the commands!) and no longer get the error cited. Let me know if you have any further problems!
from fopnp.
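Added example, not part of the thread or of the fopnp repository: a shell sketch that builds two throwaway CAs, one marked CA:TRUE in basicConstraints and one not, signs a localhost leaf (with a DNS subjectAltName) under each, and shows that `openssl verify` accepts only the first chain. It assumes OpenSSL 1.1.1 or later on PATH; every file name, config section and subject is constructed for the demo, and the failing CA uses an explicit CA:FALSE as one way to produce a CA that is not labeled CA:TRUE.

```shell
#!/bin/sh
# Added demo; all names, paths and subjects are constructed, not the project's own files.
WORK=$(mktemp -d)
cat > "$WORK/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Demo CA
[ca_good]
basicConstraints = critical,CA:TRUE
[ca_bad]
basicConstraints = CA:FALSE
[leaf]
subjectAltName = DNS:localhost
EOF

# make_chain NAME CA_SECTION: self-signed CA built with CA_SECTION, plus a localhost leaf signed by it
make_chain() {
    d="$WORK/$1"; mkdir -p "$d"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/demo.cnf" \
        -extensions "$2" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/demo.cnf" \
        -subj "/CN=localhost" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$WORK/demo.cnf" -extensions leaf \
        -out "$d/leaf.crt" 2>/dev/null
}

# has_ca_true CERT: succeeds only if basicConstraints marks the certificate as a CA
has_ca_true() {
    openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}
# has_san CERT NAME: succeeds only if NAME is listed as a DNS subjectAltName
has_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | grep -q "DNS:$2"
}
# chain_ok NAME: succeeds only if the leaf verifies against its own CA
chain_ok() {
    openssl verify -CAfile "$WORK/$1/ca.crt" "$WORK/$1/leaf.crt" >/dev/null 2>&1
}

make_chain good ca_good
make_chain bad ca_bad
for c in good bad; do
    has_ca_true "$WORK/$c/ca.crt" && flag="CA:TRUE" || flag="no CA:TRUE"
    chain_ok "$c" && result="verifies" || result="fails verification"
    echo "$c CA: $flag, leaf $result"
done
```

Running `has_ca_true` and `has_san` against a project's real `ca.crt` and server certificate before starting the client checks both causes raised in the thread.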