Python Forum

Full Version: TLS socket communication use ECDSA -secp384r1 certificate/key problem.
client side:
import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.verify_mode = ssl.CERT_REQUIRED
context.load_cert_chain(certfile = 'ec_client.crt', keyfile = 'ec_client.key')
context.load_verify_locations('ec_server_ca_chain.crt')	# server and CA certificate combined.

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('192.168.2.7', 8443))

ssl_sock = context.wrap_socket(s, server_side = False, server_hostname = 'somehostname')
Error:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1000)
----------------------------------------------------------------------
server side:
import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.verify_mode = ssl.CERT_REQUIRED
context.load_cert_chain(certfile = 'ec_server.crt', keyfile = 'ec_server.key')
context.load_verify_locations('ec_client_ca_chain.crt')	# client and CA certificate combined.

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', 8443))
s.listen(5)

conn, addr = s.accept()
ssl_conn = context.wrap_socket(conn, server_side = True)
Error:
ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1018)
Is there a Question?
I generated a self-signed certificate:

CA
|--ec_server.crt, ec_server.key
|--ec_client.crt, ec_client.key

Creating an SSL/TLS connection between two Linux platforms succeeds using the above code.
When I run the client-side code on a Windows platform and the server-side code on a Linux platform, these errors are raised. What's wrong?

client side (Windows)
Error:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1000)
server side (Linux)
Error:
ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1018)