django-pyas2
SSL handshake error when sending message thru https
Hi, I have installed the pyas2 server. I am trying to send a file to a trading partner that I set up. When I send the message it throws an error. I have included the full chain in the public certificate (host, intermediate and root CA). Even though I uncheck “Verify Certificate” it still throws the same error. Note that the public certificate is a self-signed certificate. The certificate I used is in PEM format.
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 603, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 344, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 843, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 370, in connect
    ssl_context=context)
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 355, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 478, in wrap_socket
    raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 641, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 399, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='myhostname.com', port=4080): Max retries exceeded with url: /dmz/X12 (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
Has anyone got this error before? I am stuck here and not able to progress without this issue being resolved.
Note that I am able to test pyas2 using https://django-pyas2.readthedocs.io/en/latest/quickstart.html by setting up two instances using orgs P1 and P2. But when I try to test with a real trading partner it fails.
Regards, Satyendra
@abhishek-ram , @chadgates
Hi guys, can you please comment on this issue?
@satyen4you Please note my answer already given to you in the BOTS forum. Did you check with OpenSSL whether that certificate is valid there?
I ran the openssl command and it seems to be working fine:
openssl s_client -connect myhostname.com:4080 -state
CONNECTED(00000003)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
depth=2 CN = XXXXX Root CA
verify return:1
depth=1 DC = org, DC = brinker, DC = eat, DC = home, CN = xxxxxx Issuing CA 01
verify return:1
depth=0 C = US, ST = Texas, L = Dallas, O = xxxx, OU = IT, CN = xxxxx.com, emailAddress = [email protected]
verify return:1
SSL_connect:SSLv3/TLS read server certificate
SSL_connect:SSLv3/TLS read server key exchange
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write change cipher spec
SSL_connect:SSLv3/TLS write finished
SSL_connect:SSLv3/TLS write finished
SSL_connect:SSLv3/TLS read change cipher spec
SSL_connect:SSLv3/TLS read finished
Certificate chain
 0 s:C = US, ST = Texas, L = Dallas, O = xxxxx, OU = IT, CN = xxxxx.com, emailAddress = [email protected]
   i:DC = org, DC = xxxx, DC = xx, DC = home, CN = XXXX Issuing CA 01
 1 s:DC = org, DC = xxxx, DC = xx, DC = home, CN = XXXX Issuing CA 01
   i:CN = xxxxxx Root CA
 2 s:CN = xxxxxx Root CA
   i:CN = xxxxxx Root CA
Server certificate (PEM block omitted)
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 6351 bytes and written 469 bytes
Verification: OK
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 5D83CF25F2351888D54FE2D823B6EF3E85FC34C6DD41BAF84F77F61BB7B08DAD
    Session-ID-ctx:
    Master-Key: 715AAA71CB191A041423128A686B48DF1742DCB3286DD35CDDBE4A830F594BD40F682C994E2C3A24FB9E2993889FA879
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1568919333
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
On Thu, Sep 19, 2019 at 12:22 PM Wassilios Lytras [email protected] wrote:
@satyen4you https://github.com/satyen4you Please note my answer already given to you in the BOTS forum. Did you check with OpenSSL whether that certificate is valid there?
To me, it seems to be a problem related to pyopenssl and your local installation. It could relate to the OpenSSL version used (I am not an SSL expert, but your output suggests TLS 1.0). Here is a hint in that direction: https://github.com/pyca/pyopenssl/issues/788
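The split seen in this thread, where openssl s_client reports "Verification: OK" while the Python client reports "certificate verify failed", is the kind of result that depends on which trust anchors the verifying side has loaded, not on whether the server sent a complete chain. The following added example (not code from django-pyas2 or from anyone in this thread; written in Go because its standard library can build a throwaway private chain in memory) constructs a root CA -> issuing CA -> host chain with made-up names and shows the same certificate passing when the private root is a trust anchor and failing when it is not.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert issues a throwaway certificate for cn, signed by parent/parentKey, or self-signed (a root CA) when parent is nil.
func newCert(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn} // the SAN a client matches against the host it dialled
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// BuildChain builds a constructed private PKI shaped like the thread's (root CA -> issuing CA -> host cert); returns leaf, issuing CA, root.
func BuildChain(host string) (*x509.Certificate, *x509.Certificate, *x509.Certificate) {
	root, rootKey := newCert("Constructed Root CA", 1, true, nil, nil)
	issuing, issuingKey := newCert("Constructed Issuing CA 01", 2, true, root, rootKey)
	leaf, _ := newCert(host, 3, false, issuing, issuingKey)
	return leaf, issuing, root
}

// VerifyLeaf makes the decision a TLS client makes: validate leaf for host with the intermediate the server sent plus ONLY the anchors in roots; "" on success, else the error text.
func VerifyLeaf(leaf, intermediate *x509.Certificate, roots *x509.CertPool, host string) string {
	inter := x509.NewCertPool()
	inter.AddCert(intermediate)
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inter}); err != nil {
		return err.Error()
	}
	return ""
}
```

The practical check this models: run the s_client test again with the exact CA bundle the Python process uses (for example via -CAfile), because a default s_client run and a requests/pyopenssl client may consult different trust stores.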
@satyen4you : were you able to resolve this issue and can it be closed?
@satyen4you : any update?