0

The code below works on Windows, but on Ubuntu I'm receiving the error (35, 'error reading X.509 key or certificate file'). It seems like pycurl can't find the path to certificate file:

    c.setopt(c.URL, self.INTERFACE_URL)
    c.setopt(c.POST, True)
    c.setopt(c.HTTPHEADER, ["Content-Type: text/xml"])
    c.setopt(c.HTTPAUTH, c.HTTPAUTH_BASIC)
    c.setopt(c.USERPWD, self.AUTHORIZATION_PASS)
    c.setopt(c.POSTFIELDS, body)
    c.setopt(c.SSL_VERIFYPEER, True)
    c.setopt(c.SSLVERSION, 3)
    c.setopt(c.CAINFO, "geotrust.pem");
    c.setopt(c.VERBOSE, True)
    c.setopt(c.SSL_VERIFYHOST, 2)
    c.setopt(c.SSLCERT, "WS*******._.1.pem")
    c.setopt(c.SSLKEY, "WS*******._.1.key")
    c.setopt(c.SSLKEYPASSWD, "**********")
    c.setopt(c.WRITEFUNCTION, response.write)
    c.perform()
    c.close()

I found one of the possible solution that didn't help:

"Pycurl seems to set CAINFO and CAPATH to their default values simultaneously, which may lead to some confusion. I setup my consumer to use CAPATH, and had to call c.unsetopt(pycurl.CAINFO) in order to get things to work properly. I had forgotten that I'd run into this difficulty until you sent this e-mail. The other possibility is that pycurl can't find the certificate that you've supplied in the argument to CAINFO. You might try supplying a full path as the arugment to CAINFO instead."

Any ideas?

Marko Komnenović
  • 1
  • 3

1 Answers1

0

The root cause is that with debian, ubuntu, rasbian the pycurl stuff is bound to gnutls and not openssl or windows/mac os crypto API. With gnutls the *passwd parameters seems to be silently ignored. So protected keyfiles are not supported.

If you build your pycurl bound to openssl it works. How to do it with debian/ubuntu you will find here.

I have also filed a bug for pycurl. You may want to subscribe to this bug.

Community
  • 1
  • 1
thl
  • 19
  • 4