ssl: server does not recognize client's ca.crt

Thread starter: TheMagmaCube (Guest)
I have a problem with the server asking me to check the client's CA certificate. The client has the task of checking the server's CA certificate. These are the same certificates, but an error occurs during the connection, even though these are the same files and the same characters. I used openssl to produce the certificates.

Code:
import socket
import threading
import time
import html
import ssl
import re
import tempfile
from datetime import datetime


servercrt = """-----BEGIN CERTIFICATE-----
random
-----END CERTIFICATE-----"""

serverkey = """-----BEGIN PRIVATE KEY-----
random
-----END PRIVATE KEY-----
"""

cacrt = """-----BEGIN CERTIFICATE-----
random
-----END CERTIFICATE-----
"""


# The ssl module loads certificates and keys from file paths,
# so the PEM strings are written to temporary files first.
with tempfile.NamedTemporaryFile(delete=False) as server_crt_file:
    server_crt_file.write(servercrt.encode('utf-8'))
    server_crt_path = server_crt_file.name

with tempfile.NamedTemporaryFile(delete=False) as server_key_file:
    server_key_file.write(serverkey.encode('utf-8'))
    server_key_path = server_key_file.name

with tempfile.NamedTemporaryFile(delete=False) as ca_crt_file:
    ca_crt_file.write(cacrt.encode('utf-8'))
    ca_crt_path = ca_crt_file.name


# Server-side context: presents server.crt and requires the client
# to send a certificate that chains to ca.crt.
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain(certfile=server_crt_path, keyfile=server_key_path)
context.load_verify_locations(cafile=ca_crt_path)
context.verify_mode = ssl.CERT_REQUIRED


HOST = 'localhost'
PORT = 49152
transmision_type = 'utf8'

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind((HOST,PORT))
server.listen()

while True:
    client, address = server.accept()
    try:
        conn_ssl = context.wrap_socket(client, server_side=True)
    except Exception as e:
        # The handshake failed, so conn_ssl was never assigned: close only the raw socket.
        client.close()

        print(f'{e}')
        continue
    try:
        now = datetime.now()
        # Client and client_log are not defined in the posted code.
        thread = threading.Thread(target=Client.menu(self = client_log),args=(conn_ssl,client_log))
        thread.start()
    except Exception as e:
        conn_ssl.close()
        client.close()

        print(f'{e}')

Client file:

Code:
import socket
import time
import os
import ssl
import tempfile

cacrt = """-----BEGIN CERTIFICATE-----
random(same then server ca)
-----END CERTIFICATE-----
"""


with tempfile.NamedTemporaryFile(delete=False) as ca_crt_file:
    ca_crt_file.write(cacrt.encode('utf-8'))
    ca_crt_path = ca_crt_file.name

HOST = 'localhost'
PORT = 49152
transmision_type = 'utf8'


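# Client-side context: verifies the server certificate against ca.crt and checks it
# against server_hostname; no client certificate or key is loaded here.
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
context.load_verify_locations(cafile=ca_crt_path)
context.verify_mode = ssl.CERT_REQUIRED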



client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)


conn_sll = context.wrap_socket(client, server_hostname=HOST)


def clear_lines():
    os.system('cls' if os.name == 'nt' else 'clear')



try:
    print('Connecting...')
    conn_sll.connect((HOST,PORT))
    print(f'Successfully connected with the server.')
    time.sleep(1)
    clear_lines()
except Exception:
    print('Connection with the server is impossible')
    time.sleep(4)
    exit()

Code:
conn_ssl = context.wrap_socket(client, server_side=True)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Hubert\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Hubert\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 1075, in _create
    self.do_handshake()
  File "C:\Users\Hubert\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1002)
PS C:\Terminal_E-mail_Server_Client-1.0v

Here is how I made these certificates, keys and CA files. I would like to know if I am doing it correctly.
I tried loading the files server.crt, server.key and ca.crt into the server (doesn't work).
I tried copying and pasting them into client.py and server.py; that doesn't work.
I don't know why the server doesn't recognise the CA on the client (this is the same ca.crt).

Tutorial: how I made ca.crt, server.crt and server.key:

Code:
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -sha256
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365 -sha256

Please, somebody tell me what I am doing wrong.
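
Added example (not part of the original post): an in-memory mutual-TLS handshake with Python's `ssl` module, showing the two things such a handshake depends on: the server certificate must match the `server_hostname` the client passes, and a client facing `CERT_REQUIRED` must load its own certificate and key with `load_cert_chain`. It assumes the `openssl` CLI is on PATH and Python 3.8+; the CA, the names `mail-server` and `demo-client`, and all helper functions are constructed for illustration.

```python
import ssl, subprocess, tempfile

def openssl(d, *args):
    subprocess.run(["openssl", *args], cwd=d, check=True, capture_output=True)

def issue(d, name, cn, san=None):
    """Create <name>.key and a CA-signed <name>.crt; san is an optional subjectAltName."""
    openssl(d, "req", "-new", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={cn}",
            "-keyout", f"{name}.key", "-out", f"{name}.csr")
    with open(f"{d}/{name}.ext", "w") as fh:       # leaf extensions, SAN only if given
        fh.write("basicConstraints=CA:FALSE\n" + (f"subjectAltName={san}\n" if san else ""))
    openssl(d, "x509", "-req", "-in", f"{name}.csr", "-CA", "ca.crt", "-CAkey", "ca.key",
            "-CAcreateserial", "-out", f"{name}.crt", "-days", "1", "-extfile", f"{name}.ext")

def build_pki():
    d = tempfile.mkdtemp()                         # throwaway test PKI, all names constructed
    openssl(d, "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-subj", "/CN=Demo Test CA",
            "-keyout", "ca.key", "-out", "ca.crt", "-days", "1")
    issue(d, "nosan", "mail-server")                  # no SAN, CN is not the host name
    issue(d, "good", "mail-server", "DNS:localhost")  # SAN matches server_hostname
    issue(d, "client", "demo-client")                 # certificate the client presents
    return d

def handshake(d, server_cert, client_cert=None, hostname="localhost"):
    """Run a mutual-TLS handshake in memory; returns {'client': ..., 'server': ...}."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv.load_cert_chain(f"{d}/{server_cert}.crt", f"{d}/{server_cert}.key")
    srv.load_verify_locations(f"{d}/ca.crt")
    srv.verify_mode = ssl.CERT_REQUIRED            # server demands a client certificate
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and check_hostname are on
    cli.load_verify_locations(f"{d}/ca.crt")
    if client_cert:                                # the client's own certificate and key
        cli.load_cert_chain(f"{d}/{client_cert}.crt", f"{d}/{client_cert}.key")
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    peers = {"client": cli.wrap_bio(c_in, c_out, server_hostname=hostname),
             "server": srv.wrap_bio(s_in, s_out, server_side=True)}
    result = {}
    for _ in range(20):                            # more rounds than a handshake needs
        for side in [s for s in peers if s not in result]:
            try:
                peers[side].do_handshake()
                result[side] = "ok"
            except ssl.SSLWantReadError:
                pass                               # waiting for bytes from the peer
            except ssl.SSLError as exc:
                result[side] = exc.reason          # e.g. CERTIFICATE_VERIFY_FAILED
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            if data := src.read():                 # move pending TLS records across
                dst.write(data)
    return {side: result.get(side, "stalled") for side in peers}
```

`handshake(build_pki(), "nosan", "client")` fails on the client with `CERTIFICATE_VERIFY_FAILED`, and the server then reports the alert it received from the client; `handshake(d, "good")` without a client certificate fails on the server side instead.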