Hi,
I am using a self-signed CA to issue server and client(s) certificates.
My server is using the standard Python ssl module.
One client, that is using twisted.internet.ssl, consistently fails to connect with:
On the Server: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:661),
On the Client: [WARNING] [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
This is my code:
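from twisted.internet import reactor, ssl
from twisted.python.modules import getModule
# Load the self-signed CA certificate and use it as the only trust root.
path = getModule(__name__).filePath.sibling(u'data')
txt = path.child(u'ca.crt').getContent()
cacert = ssl.Certificate.loadPEM(txt)
root = ssl.trustRootFromCertificates([cacert])
# Load the client certificate together with its private key from one PEM file.
txt = path.child(u'client.pem').getContent()
mycert = ssl.PrivateCertificate.loadPEM(txt)
# Verify the server against the CA and present the client certificate.
ctx = ssl.optionsForClientTLS(hostName, trustRoot=root, clientCertificate=mycert)
# hostName, portNumber and factory are defined elsewhere in the program.
reactor.connectSSL(hostName, portNumber, factory, ctx)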
I am using the latest git trunk code.
With a regular ssl client I don't have an issue.
A known bug?
Thanks, Enoch.