Ok, here are two sample servers, the twisted server with a client using 'requests' causes an SSL Verify fail error:
Twisted:
from twisted.internet import ssl, reactor
from twisted.web.server import Site
from twisted.web.resource import Resource from OpenSSL import SSL
from twisted.python import log import sys import logging
Enable debugging for requests
logging.basicConfig(level=logging.DEBUG) logging.getLogger('urllib3').setLevel(logging.DEBUG)
class ProcessRequest(Resource): isLeaf = True
log.startLogging(sys.stdout)
Specify paths to your certificates
cert_file = "C:\certbot\test\fullchain.pem" key_file = "C:\certbot\test\privkey.pem" ca_cert_file = "C:\certbot\test\ISRG_Root_X1.pem"
Create an SSL context manually
context = SSL.Context(SSL.TLSv1_2_METHOD) context.use_certificate_file(cert_file) context.use_privatekey_file(key_file)
Add the root certificate to the certificate chain
context.load_verify_locations(ca_cert_file) context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, lambda *args: True)
Create a Twisted web server
objResource = ProcessRequest() objSite = Site(objResource) reactor.listenSSL(3510, objSite, contextFactory=lambda: context)
Start the reactor
reactor.run()
Flask: `from flask import Flask
app = Flask(name) @app.route('/', methods=['GET', 'HEAD'])
def hello(): return 'Hello, SSL!'
if name == 'main': import ssl context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) context.load_cert_chain('C:\Certbot\test\fullchain.pem', 'C:\Certbot\test\privkey.pem') app.run(ssl_context=context, host='167.68.12.59', port=3510, debug=True)
Here's the client:
import requests
import certifi
import logging
# Enable debugging for requests
logging.basicConfig(level=logging.DEBUG)
logging.getLogger('urllib3').setLevel(logging.DEBUG)
BASE_URL = 'https://www.random.com.au:3510'
def get_token(username, password):
verify = "C:\\certbot\\test\\ISRG_Root_X1.pem"
response = requests.post(
f'{BASE_URL}/login',
auth=(username, password),
verify=verify,
timeout=5)
print(response.text)
if response.status_code == 200:
token = response.json().get('token')
return token
else:
return None
token=get_token('test', 'test')
print(token)
The flask server works fine with the ssl certificates and no issues getting back a response (of sorts)
The twisted server (no matter what I do, except verify=False) will trip up with: HTTPSConnectionPool(host='www.random.com.au', port=3510): Max retries exceeded with url: /login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
Any ideas?
I've tried multiple iterations on twisted with no luck:
from twisted.internet import ssl, reactor, endpoints
from twisted.web.server import Site
from twisted.web.resource import Resource from OpenSSL import SSL
from twisted.python import log
import sys
import logging
# Enable debugging for requests
logging.basicConfig(level=logging.DEBUG)
logging.getLogger('urllib3').setLevel(logging.DEBUG)
class ProcessRequest(Resource):
isLeaf = True
log.startLogging(sys.stdout)
# Specify paths to your certificates
cert_file = "C:\\certbot\\test\\fullchain.pem"
key_file = "C:\\certbot\\test\\privkey.pem"
ca_cert_file = "C:\\certbot\\test\\ISRG_Root_X1.pem"
fullchain=cert_file.replace("\\","\\\\").replace("C:","C\:")
private_key=key_file.replace("\\","\\\\").replace("C:","C\:")
server_ssl_port=3510
server_ip='167.68.12.59'
# Create a Twisted web server
objResource = ProcessRequest()
objSite = Site(objResource)
keyargs = f'ssl:{server_ssl_port}:interface={server_ip}:certKey={fullchain}:privateKey= {private_key}'
https_server = endpoints.serverFromString(reactor, keyargs)
https_server.listen(objSite)
# Start the reactor
reactor.run()
Still no dice. Been trying to get requests to work with twisted & SSL for four days.