Im creating proxy server using sockets in python. I know how to handle http clients. But with https it doesnt work. I send to client message that everything is ok. Then i try to wrap client socket as a secure socket. But it doesnt work.
I got message:
Exception in thread Thread-14:
Traceback (most recent call last):
File "C:\Python37\lib\threading.py", line 926, in _bootstrap_inner
self.run()
File "C:\Python37\lib\threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "C:/Users/Даниил/Downloads/python/proxy_server/proxy_server.py", line 39, in __handle_client
self.__handle_https(client_sock, client_data, host, port)
File "C:/Users/Даниил/Downloads/python/proxy_server/proxy_server.py", line 62, in __handle_https
server_side=True)
File "C:\Python37\lib\ssl.py", line 1238, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs
File "C:\Python37\lib\ssl.py", line 423, in wrap_socket
session=session
File "C:\Python37\lib\ssl.py", line 870, in _create
self.do_handshake()
File "C:\Python37\lib\ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076)
I have certificate with Common Name: localhost and i added it in browser. Even when I create certificate with Common Name of host (e.g. docs.python.org) and add it to browser it doesnt work.
Here is my code of handling https requests:
def __handle_https(self, client_sock, data, host, port):
client_sock.sendall(b'HTTP/1.1 200 Connection Established\r\n\r\n')
sclient = ssl.wrap_socket(client_sock,
certfile='server.crt',
keyfile='server.key',
server_side=True)
A HTTP proxy should only forward the data between client and server after the CONNECT request is done. It should not handle the TLS itself as you try. Instead it should forward the data unchanged so that there is an end-to-end TLS connection between the client to the server via the proxy.
Related
I am trying to connect to a Postgres Database using sockets to enforce a particular TLS version from the client in order to verify that the Database does not accept connections from the client which uses an older version of TLS like tlsv1.1. The connection is failing on handshake with the following error :
python test2.py
Traceback (most recent call last): File "test2.py", line 12, in
ssl_version=ssl.PROTOCOL_TLSv1_2) File "<>/python3.6/lib/python3.6/ssl.py", line 1232, in
get_server_certificate
with context.wrap_socket(sock) as sslsock: File "<>/python3.6/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session) File "<>/python3.6/lib/python3.6/ssl.py", line 817, in init
self.do_handshake() File "<>/python3.6/lib/python3.6/ssl.py", line 1077, in do_handshake
self._sslobj.do_handshake() File "<>/python3.6/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake() ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:852)
The following is a snippet of the code:
import socket
import ssl
hostname = <DB_Endpoint>
context = ssl.create_default_context()
with socket.create_connection((hostname, 8200)) as sock:
with context.wrap_socket(sock, server_hostname=hostname) as ssock:
print(ssock.version())
I am trying to make a web server on sockets in python. I saw how to make https support for server from module http.server in python by wrapping its socket with a .pem certificate. I would like to make https support on my socket server. I have a self-signed certificate for a localhost and it worked for a ready-made server, but my server has an error:
Traceback(most recent call last):
File "webserver.py", line 84, in main
server.start_server()
File "C:\b\nw\12t\http_lite.py", line 103, in start_server
conn, addr = ssock.accept()
File "C:\Python37\lib\ssl.py", line 1188, in accept
server_side=True)
File "C:\Python37\lib\ssl.py", line 423, in wrap_socket
session = session
File "C:\Python37\lib\ssl.py", line 870, in _create
self.do_handshake()
File "C:\Python37\lib\ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c: 1076)
And also if I allow to open a site in a browser:
Traceback (most recent call last):
File "webserver.py", line 84, in main
server.start_server()
File "C:\b\nw\12t\http_lite.py", line 100, in start_server
conn, addr = ssock.accept()
File "C:\Python37\lib\ssl.py", line 1188, in accept
server_side=True)
File "C:\Python37\lib\ssl.py", line 423, in wrap_socket
session = session
File "C:\Python37\lib\ssl.py", line 870, in _create
self.do_handshake()
File "C:\Python37\lib\ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error
My connection setup code looks like this:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, proto=0)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind ((self.host, self.port))
s.listen(self.backlog)
ssock = ssl.wrap_socket(s,
server_side=True,
certfile='localhost.pem',
ssl_version=ssl.PROTOCOL_TLSv1)
in the while loop
conn, addr = ssock.accept()
....
Please help me figure out what I am doing wrong.
Sorry for my bad English.
i'm getting the title error when I'm trying to access my gmail emails using the imap-tools module of python. Below is the details as given during establishing the connection.
Traceback (most recent call last):
File "d:\PythonLabs\delete_gmail_emails.py", line 3, in <module>
gautham_gmail_box = MailBox('imap.gmail.com')
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\site-packages\imap_tools\main.py", line 61, in __init__
host, port or imaplib.IMAP4_SSL_PORT, keyfile, certfile, ssl_context)
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\imaplib.py", line 1283, in __init__
IMAP4.__init__(self, host, port)
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\imaplib.py", line 197, in __init__
self.open(host, port)
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\imaplib.py", line 1296, in open
IMAP4.open(self, host, port)
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\imaplib.py", line 294, in open
self.sock = self._create_socket()
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\imaplib.py", line 1288, in _create_socket
server_hostname=self.host)
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\ssl.py", line 412, in wrap_socket
session=session
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\ssl.py", line 850, in _create
self.do_handshake()
File "C:\Users\skolluru\AppData\Local\Programs\Python\Python37-32\lib\ssl.py", line 1108, in do_handshake
self._sslobj.do_handshake()
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host
[Done] exited with code=1 in 0.338 seconds
I think the error is because of my gmail email secured with 2-step authentication. I want to keep my security for my gmail account same want to know a workaround to access my emails from my python program.
Here is my python code:
from imap_tools import MailBox
gautham_gmail_box = MailBox('imap.gmail.com')
gautham_gmail_box.login('my_email#gmail.com','my_password')
I think you have to enable some unsecure access to your Gmail before you can access it this way, but I'm not sure.
IMO, you're much better off using Google's official library to access Gmail using Python. Visit https://developers.google.com/gmail/api/quickstart/python to learn more about this.
Question I want to be able to connect to and download a file from my remote FTP filezilla. I am able to connect however as soon as it executes "ftp.retrlines('LIST')" I get an error as described below. Any help would be greatly appreciated!!!
Here is my script
from ftplib import FTP_TLS
ftp = FTP_TLS('111.111.111.111) # Hidden IP for my FTP SERVER
ftp.login('ftpuser', 'ftppassword12345')
ftp.prot_p() # securing data connection explicitly
ftp.cwd('/') # change working directory to the root
ftp.retrlines('LIST') # This is where it fails
Here is the error
Traceback (most recent call last):
File "ftps_.py", line 7, in <module>
ftp.retrlines('LIST')
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 735, in retrlines
conn = self.transfercmd(cmd)
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 376, in transfercmd
return self.ntransfercmd(cmd, rest)[0]
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ftplib.py", line 713, in ntransfercmd
server_hostname=self.host)
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
_context=self)
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
self.do_handshake()
File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:590)
I'm attempting to make a simple HTTPS connection to a REST API using python from CentOS 6.5. Installed is python-2.6.6-52.el6.x86_64 and openssl-1.0.1e-16.el6_5.7.x86_64.
#!/usr/bin/env python
import httplib, json, urllib, urllib2
# Gets the session ID to host
c = httplib.HTTPSConnection("10.10.1.1")
c.request("GET", "/services/rest/V2/?method=authenticate&username=myusername&password=mypasswd&format=json")
response = c.getresponse()
data = json.loads(response.read())
session_id = data['session_id']
print "Session Created. Session ID: " + session_id
However, its giving me this error:
Traceback (most recent call last):
File "./test3.py", line 7, in <module>
c.request("GET", "/services/rest/V2/?method=authenticate&username=myusername&password=mypasswd&format=json")
File "/usr/lib64/python2.6/httplib.py", line 914, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.6/httplib.py", line 951, in _send_request
self.endheaders()
File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
self._send_output()
File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
self.send(msg)
File "/usr/lib64/python2.6/httplib.py", line 739, in send
self.connect()
File "/usr/lib64/python2.6/httplib.py", line 1116, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/usr/lib64/python2.6/ssl.py", line 342, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs)
File "/usr/lib64/python2.6/ssl.py", line 120, in __init__
self.do_handshake()
File "/usr/lib64/python2.6/ssl.py", line 279, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:492: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Is this an openssl/python compatibility issue? I've already got the latest python and openssl RPMs I can find and I'd rather not venture off the RPM reservation by compiling the latest tarball manually.
This might happen if you configured a server to only accept TLS1.2 but don't have support for TLS1.2 on the client side. At least Ubuntu has patched their openssl to not provide TLS1.1 on the client side but only on the server side to work around some bugs with some hosts. Maybe RHEL/CentOS did too.