I looked extensively online if this question was answered elsewhere and it was not.
When trying to use CRLs in the python openssl library, we are getting "certificate unknown" errors. Specifically, when the crl has a revocation of a cert that is not used in the handshake of the ssl connection, there is still an error. If instead an empty CRL is used, there is no error and the devices are able to complete a socket.connect()
Simple client/server model to illustrate problem:
Server:
def createServerSideSocket(port, backlog=5):
context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain(certfile="cert.pem", keyfile="key.pem", password='tempPassword')
context.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF #specifying flag to check crl
context.load_verify_locations(cafile = "crl.pem") #loading crl
sock = socket.socket()
sock.bind(('', port))
sock.listen(backlog) #listen on port 5000
return sock, context
port = 5000
sock, context = createServerSideSocket(port)
newSocket, fromAddr = sock.accept()
connStream = context.wrap_socket(newSocket, server_side=True)
print(bytes.decode(connStream.recv(1024))) #receive and print data
Client:
def createClientSideSocket(server_ip):
context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile="cacert.pem")
context.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF #specifying flag to check crl
context.load_verify_locations("crl.pem") #loading crl
conn = context.wrap_socket(socket.socket(), server_hostname=server_ip)
return conn
conn = createClientSideSocket("192.168.1.7") #our IP address of the server
conn.connect(("192.168.1.7", 5000))
conn.sendall(str.encode("test data"))
When crl.pem has 0 revoked certs, connection works. When crl.pem has any revocation (even for revocations not used in the handshake) it fails with the following error:
on client:
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)
on server:
[SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:777)
Related
I wrote a simple server code using socket module forward the listening port using ngrok but when i try to connect to ngrok provided url it gives error
socket.gaierror: [Errno 11001] getaddrinfo failed
Server Code
import socket
server = socket.socket()
host = "localhost"
port = 5002
server.bind((host,port))
print("Started Listening.........")
server.listen()
con, addr = server.accept()
print("Connection is accepted from :",str(addr))
while True:
data = con.recv(1024).decode()
if not data:
break
print("From Connected User :",str(data))
data = str(data).upper()
print("Received from User: " + str(data))
data = input("Enter message::::")
con.send(data.encode())
con.close()
Client Code
import socket
host = "tcp://0.tcp.in.ngrok.io:18376"
port = 5002
client = socket.socket()
client.connect((host,port))
mess = input("Enter message::")
while mess!='q':
client.send(mess.encode())
data = client.recv(1024).decode()
print("FROM SERVER = ",data)
mess = input("Enter message ::")
client.close()
I am creating a tcp tunnel using ngrok at 5002 port
ngrok tcp 5002
It generates
Web Interface http://127.0.0.1:4040
Forwarding tcp://0.tcp.in.ngrok.io:18376 -> localhost:5002
i am using this tcp url in my client host code host = "tcp://0.tcp.in.ngrok.io:18376" I tried removing port number and tried only tcp://0.tcp.in.ngrok.io but nothing happend
Can you guide me how to connect to this tcp tunnel from socket module because i am pretty new to socket programming.
I have a spring boot server that doesn't have ssl certificate and NOT selfsigned. I want to call certain apis with https://domainName.com/apiPath . (with https:// not http://)
So I found that I can set configs as to accept bad certificates. like this code...
import 'dart:io';
HttpClient client = new HttpClient();
client.badCertificateCallback =((X509Certificate cert, String host, int port) => true);
io.HttpClientRequest request = await client.postUrl(Uri.parse(
"https://domainname.com/apiPath"));
request.headers.set('Content-Type', 'application/json');
request.add(utf8.encode(jsonEncode(body)));
io.HttpClientResponse result = await request.close();
api call works with http://... But it doesn't work with https://
this is the error.
E/flutter ( 8183): [ERROR:flutter/lib/ui/ui_dart_state.cc(209)] Unhandled Exception: SocketException: Connection refused (OS Error: Connection refused, errno = 111), address = <domain name>, port = 33028
Can I know, for this to work is it mandotory to self sign the backend(server)?
(may be this is a stupid question. I don't know much about this topic)
I'm trying to setup a server using Python socket programming, using the code below:
from socket import *
serverPort = 80
serverSocket = socket(AF_INET, SOCK_STREAM)
serverSocket.bind(("", serverPort))
serverSocket.listen(1)
print ("The server is ready to receive")
while True:
connectionSocket, addr = serverSocket.accept()
sentence = connectionSocket.recv(1024).decode()
capitalizedSentence = sentence.upper()
connectionSocket.send(capitalizedSentence.encode())
connectionSocket.close()
When I use this code and try to enter localhost in a web browser, I get the response without any problem as shown.
But, when I change line 3 in the code to serverPort = 12000 and try to enter localhost:12000, I don't get a response.
Note: I use Windows not Linux, and I run the Python code on PyCharm 2020.3.3.
Neither example should be working, regardless of the port used, because the server is not sending back a valid HTTP response, like the error message says. The fact that the 1st example "works" is a fluke.
Try this instead:
from socket import *
serverPort = 80
serverSocket = socket(AF_INET, SOCK_STREAM)
serverSocket.bind(("", serverPort))
serverSocket.listen(1)
print ("The server is ready to receive")
while True:
connectionSocket, addr = serverSocket.accept()
sentence = connectionSocket.recv(1024).decode()
capitalizedSentence = sentence.upper()
reply = "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n"
connectionSocket.send(reply.encode()) # <-- add this!
connectionSocket.send(capitalizedSentence.encode())
connectionSocket.close()
I have set up a simple client-server communication code and it works well in my computer when my computer itself acts as a server and the client.
Now I am trying to run this same code on two different computers in different networks( different locations) where my computer will act as a server and my friend's computer as a client.
I have done port forwarding in my router as well as in my friend's router for the port which we are trying to communicate. We both have set up a static IP in our internal network behind the router. We both had shutdown the firewall while running the code.
I am running my code on Jupiter notebook and the same is my friend too.
here is my server code:
import socket
import threading
HEADER = 64
PORT = 5064
SERVER = '0.0.0.0'
ADDR = (SERVER, PORT)
FORMAT = 'utf-8'
DISCONNECT_MESSAGE = "quit"
Receive_from_client = "get info"
server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
server.bind(ADDR)
def handle_client(conn, addr):
print("\n" + f"[NEW Connection] detected from IP: {addr[0]} & Port:{addr[1]} ")
conn.send(f"connected to server {ADDR}".encode(FORMAT))
connected =True
while connected:
msg_length = conn.recv(HEADER).decode(FORMAT) # decode the msg from byte to utf-8 format
if msg_length:
msg_length = int(msg_length)
msg = conn.recv(msg_length).decode(FORMAT)
if msg == DISCONNECT_MESSAGE:
connected = False
print(f" [Client][{addr}] {msg}")
print("Your session is disconnected")
break
if msg == Receive_from_client:
print("\n" + f"Send your msg to client with IP: {addr[0]}")
thread = threading.Thread(target = send2client, args = (conn, addr))
thread.start()
print(f" [Client][{addr}] {msg}")
conn.send(f"Msg received by server with IP:{addr[0]}".encode(FORMAT))
conn.close()
server.close()
def start():
server.listen()
print("\n"+ f"[LISTENING] Server is listening from IP: {SERVER} ")
while True:
conn, addr = server.accept()
thread = threading.Thread(target = handle_client, args = (conn, addr))
thread.start()
Here is the client code
import socket
import threading
HEADER = 64
PORT = 5064
FORMAT = 'utf-8'
DISCONNECT_MESSAGE = "quit"
SERVER = '103.192.207.250' # SERVERS public IP
ADDR = (SERVER, PORT)
client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
client.connect(ADDR)
def send2server():
while True:
msg = input()
message = msg.encode(FORMAT)
msg_lenght = len(message)
send_length = str(msg_lenght).encode(FORMAT)
send_length += b' '*(HEADER - len(send_length))
client.send(send_length)
client.send(message)
print(client.recv(2048).decode(FORMAT))
if msg == DISCONNECT_MESSAGE:
print("session closed")
client.close()
def start():
print("\n"+ f"[LISTENING] client is listening from IP: {ADDR} ")
send2server()
I have opened the port by going on windows firewall defender and selecting new inbound and outbound rules to open 5064 TCP port.
but still, the code doesn't works..
my server keeps waiting for connection and the client-side after few seconds of running gives this error:
TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Even while my server is listening from port 5064 when I scan this port to check if the port is open or not it says closed.
How do I check if the port I have forwarded is for sure open and also how do I get this thing work?
I have tried all of this and if there is any other thing I am missing please tell. I am struggling to get this work for the past 3 days.
I'm learning server- and client-side connections:
What I'm attempting to do is connecting server- and client-side scripts with each other on Qpython(android)
The problem is when I run it, it gives me this:
"ConnectionRefusedError: Errno [111] Connection Refused"
When I run the same scripts on my computer it gives me no error.
Background information:
I'm using 2 different apps on my phone
And 1 on my computer.
But I suppose that can't be the problem
Client
import socket
import sys
HOST, PORT = "localhost", 9999
Data = " ".join(sys.argv[1:]) + input(" Enter Message:\n"
# Create a socket (SOCK_STREAM means a TCP socket)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
# Connect to server and send data
sock.connect((HOST, PORT))
sock.sendall(bytes(data + "\n", "utf-8"))
# Receive data from the server and shut down
received = str(sock.recv(1024), "utf-8")
finally:
sock.close()
print("Sent: {}".format(data))
print("Received: {}".format(received))
Server
import socketserver
class MyTCPHandler(socketserver.BaseRequestHandler):
def handle(self):
# self.request is the TCP socket connected to the client
self.data = self.request.recv(1024).strip()
print("{} wrote:".format(self.client_address[0]))
print(self.data)
# just send back the same data, but upper-cased
self.request.sendall(self.data.upper())
if __name__ == "__main__":
HOST, PORT = "localhost", 9999
# Create the server, binding to localhost on port 9999
server = socketserver.TCPServer((HOST, PORT), MyTCPHandler)
server.serve_forever()