From: David H. <dav...@gm...> - 2008-04-01 20:22:40
On Tue, Apr 1, 2008 at 1:09 PM, Moore, Greg <Gre...@ad...> wrote:
>
> Thanks David. That link helps. So I need to set up a trust manager even
> though I'm trying to use a more pythonic solution?
>
> Is that because this is running on a JVM? And if that's the case
> wouldn't it make the discussions (on the dev mailing list) about if
> jython SSL support should work like CPython a moot point. e.g. it never
> can because of the JVM?!?!??
>
> Greg.
>

Mostly I answered the way I did because I had that information at my fingertips. From the stack trace it looks like the Jython implementation of the library you're using uses the Java SSL implementation under the covers. Most likely it uses the default settings, which means you can probably configure it by changing the Java default configuration.

That said, I'm sure the Python library has its own way of configuring trust, which probably works just as well. Might as well check on python.org....

> ssl( sock[, keyfile, certfile])
> Initiate a SSL connection over the socket sock. keyfile is the name of a
> PEM formatted file that contains your private key. certfile is a PEM
> formatted certificate chain file. On success, a new SSLObject is returned.
>
> Warning: This does not do any certificate verification!

That's odd. It takes a certfile argument but says it doesn't do any verification. Maybe you should file a bug report against Jython for trying to verify the server cert :-(

It looks like your two best alternatives are 1) configure your server with a signed cert, put the signing cert into a trust file (using keytool), and pass the file to socket.ssl, or 2) disable certificate checking in Java's default SSL implementation.

-David