From: John Nagle on
I'm starting to convert from M2Crypto to Python 2.6's SSL
module. So I tried a trivial test:

import ssl
import socket
certs = "d:/projects/sitetruth/certificates/cacert.pem"
sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssk = ssl.wrap_socket(sk, certfile=certs, cert_reqs=ssl.CERT_NONE)

This is a basic HTTPS open sequence.

This yields:

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "D:\python26\lib\", line 307, in connect
ssl.SSLError: [Errno 336265225] _ssl.c:337:
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

The cert file is the same PEM file I use with M2Crypto, and it's
derived from Firefox's cert file.

Why am I getting a "private key" related error? I'm not submitting a keyfile,
just a cert file.

I've tried explicitly adding "keyfile=None" to the wrap_socket call, but
that doesn't change anything.

Python version: '2.6.1 (r261:67517, Dec 4 2008, 16:51:00) [MSC v.1500 32 bit

John Nagle
From: John Nagle on
Antoine Pitrou wrote:
> Perhaps you are using the wrong parameters and looking for ca_certs
> instead:

That's right. Thanks.

John Nagle