Develop Reference

Connecting to a Postgres Database over SSL using Sockets in Python

I am trying to connect to a Postgres Database using sockets to enforce a particular TLS version from the client in order to verify that the Database does not accept connections from the client which uses an older version of TLS like tlsv1.1. The connection is failing on handshake with the following error :
python test2.py
Traceback (most recent call last): File "test2.py", line 12, in
ssl_version=ssl.PROTOCOL_TLSv1_2) File "<>/python3.6/lib/python3.6/ssl.py", line 1232, in
get_server_certificate
with context.wrap_socket(sock) as sslsock: File "<>/python3.6/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session) File "<>/python3.6/lib/python3.6/ssl.py", line 817, in init
self.do_handshake() File "<>/python3.6/lib/python3.6/ssl.py", line 1077, in do_handshake
self._sslobj.do_handshake() File "<>/python3.6/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake() ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:852)
The following is a snippet of the code:
import socket
import ssl
hostname = <DB_Endpoint>
context = ssl.create_default_context()
with socket.create_connection((hostname, 8200)) as sock:
with context.wrap_socket(sock, server_hostname=hostname) as ssock:
print(ssock.version())

Self signed Certificate with Python SSL socket

I use a self signed certificate that I generated with the following command:
sudo make-ssl-cert generate-default-snakeoil
And copied it to my home directory.
If I run the following with this on server side:
from socket import socket, AF_INET, SOCK_STREAM
import ssl
def main():
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.verify_mode = ssl.CERT_REQUIRED
context.load_cert_chain('/home/hfurmans/ssl-cert-snakeoil.pem', '/home/hfurmans/ssl-cert-snakeoil.key')
host = "myipaddress"
port = 5432
my_socket = socket(AF_INET, SOCK_STREAM)
my_socket.bind((host, port))
my_socket.listen(1)
my_socket = context.wrap_socket(my_socket, server_side=True)
conn, addr = my_socket.accept()
print("Connection from: " + str(addr))
data = conn.recv(1024).decode()
print(data)
print("from connected user: " + str(data))
data = str(data).upper()
print("sending: " + str(data))
conn.send(data.encode())
conn.close()
if __name__ == "__main__":
main()
I substituded my IP address. But they are the same on server and client.
Here is the client code:
import socket
import ssl
hostname = "myipaddress"
context = ssl.create_default_context()
sock = socket.create_connection((hostname, 5432))
ssock = context.wrap_socket(sock, server_hostname=hostname)
print(ssock.version())
ssock.send("test")
If I run both scripts i get the following error.
This is the client error:
bash-3.2$ python3 client.py
Traceback (most recent call last):
File "client.py", line 8, in <module>
ssock = context.wrap_socket(sock, server_hostname=hostname)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)
And here is the server error:
Traceback (most recent call last):
File "server.py", line 27, in <module>
main()
File "server.py", line 16, in main
conn, addr = my_socket.accept()
File "/usr/lib/python3.6/ssl.py", line 1125, in accept
server_side=True)
File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/usr/lib/python3.6/ssl.py", line 817, in __init__
self.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)

A self-signed certificate is a trick to pretend that the CA
is the certificate itself.
So we have to provide beforehand the client with this certificate
in order to trust it when it will be encountered.
In the client, after the creation of the SSL context,
I tried something similar to
context.load_verify_locations('/home/hfurmans/ssl-cert-snakeoil.pem')
and it worked.
( https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_verify_locations)
I only had to remove context.verify_mode = ssl.CERT_REQUIRED in
the server because I didn't provide my client with its own certificate,
but that was not the problem reported in your question.
Of course, for all of this to work, your certificate must have
the correct common-name.
If the client connects to myipaddress (as a hostname),
then the common-name of the certificate must be myipaddress too.

How to handle https clients with sockets in python? Making proxy server

Im creating proxy server using sockets in python. I know how to handle http clients. But with https it doesnt work. I send to client message that everything is ok. Then i try to wrap client socket as a secure socket. But it doesnt work.
I got message:
Exception in thread Thread-14:
Traceback (most recent call last):
File "C:\Python37\lib\threading.py", line 926, in _bootstrap_inner
self.run()
File "C:\Python37\lib\threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "C:/Users/Даниил/Downloads/python/proxy_server/proxy_server.py", line 39, in __handle_client
self.__handle_https(client_sock, client_data, host, port)
File "C:/Users/Даниил/Downloads/python/proxy_server/proxy_server.py", line 62, in __handle_https
server_side=True)
File "C:\Python37\lib\ssl.py", line 1238, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs
File "C:\Python37\lib\ssl.py", line 423, in wrap_socket
session=session
File "C:\Python37\lib\ssl.py", line 870, in _create
self.do_handshake()
File "C:\Python37\lib\ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076)
I have certificate with Common Name: localhost and i added it in browser. Even when I create certificate with Common Name of host (e.g. docs.python.org) and add it to browser it doesnt work.
Here is my code of handling https requests:
def __handle_https(self, client_sock, data, host, port):
client_sock.sendall(b'HTTP/1.1 200 Connection Established\r\n\r\n')
sclient = ssl.wrap_socket(client_sock,
certfile='server.crt',
keyfile='server.key',
server_side=True)

A HTTP proxy should only forward the data between client and server after the CONNECT request is done. It should not handle the TLS itself as you try. Instead it should forward the data unchanged so that there is an end-to-end TLS connection between the client to the server via the proxy.

ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:661)

This is my code:
import ssl, socket
server ='10.10.10.9'
port = 50443
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock =ssl.wrap_socket(sock,ssl_version=ssl.PROTOCOL_SSLv3)
ssl_sock.connect((server, port))
return ssl_sock
I am Getting below error:
File "/home/ragav/trunk/lib/Ipdu.py", line 35, in open_socket
ssl_sock.connect((server, port))
File "/usr/local/lib/python2.7/ssl.py", line 876, in connect
self._real_connect(addr, False)
File "/usr/local/lib/python2.7/ssl.py", line 867, in _real_connect
self.do_handshake()
File "/usr/local/lib/python2.7/ssl.py", line 840, in do_handshake
self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:661)

This might be due to openssl version. check your openssl version if its 0.9 then that might be a reason for the error.
You can check openssl version in your python code using
print ssl.OPENSSL_VERSION

Python connecting to FTPS server filezilla violation of protocol error

Question I want to be able to connect to and download a file from my remote FTP filezilla. I am able to connect however as soon as it executes "ftp.retrlines('LIST')" I get an error as described below. Any help would be greatly appreciated!!!
Here is my script
from ftplib import FTP_TLS
ftp = FTP_TLS('111.111.111.111) # Hidden IP for my FTP SERVER
ftp.login('ftpuser', 'ftppassword12345')
ftp.prot_p() # securing data connection explicitly
ftp.cwd('/') # change working directory to the root
ftp.retrlines('LIST') # This is where it fails
Here is the error
Traceback (most recent call last):
File "ftps_.py", line 7, in <module>
ftp.retrlines('LIST')
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 735, in retrlines
conn = self.transfercmd(cmd)
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 376, in transfercmd
return self.ntransfercmd(cmd, rest)[0]
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 713, in ntransfercmd
server_hostname=self.host)
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
_context=self)
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
self.do_handshake()
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:590)