[PYTHON-CRYPTO] SSL Through Proxy with M2Crypto always gives: NoCertificate: peer did not return certificate
Matthias Barmeier
barmeier at BARMEIER.COM
Mon Nov 24 18:14:45 CET 2008
Hi,
I tried to set up an SSL connection through a Squid proxy. When I observe
the traffic with tshark everything looks fine. The proxy's tshark output
looks like this:
0.000000 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [SYN] Seq=0
Len=0 MSS=1460 TSV=245716826 TSER=0 WS=6
0.055182 82.165.xx.xx -> 192.168.2.99 TCP https > 38952 [SYN, ACK]
Seq=0 Ack=1 Win=5792 Len=0 MSS=1452 TSV=763650716 TSER=245716826 WS=5
0.055232 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [ACK] Seq=1
Ack=1 Win=5888 Len=0 TSV=245716840 TSER=763650716
0.058386 192.168.2.99 -> 82.165.xx.xx SSL Client Hello
0.060498 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [FIN, ACK]
Seq=76 Ack=1 Win=5888 Len=0 TSV=245716842 TSER=763650716
0.113449 82.165.xx.xx -> 192.168.2.99 TCP https > 38952 [ACK] Seq=1
Ack=76 Win=5792 Len=0 TSV=763650731 TSER=245716841
0.153361 82.165.xx.xx -> 192.168.2.99 TCP https > 38952 [ACK] Seq=1
Ack=77 Win=5792 Len=0 TSV=763650741 TSER=245716842
0.973093 82.165.xx.xx -> 192.168.2.99 TLSv1 Server Hello,
0.973135 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [RST] Seq=77 Len=0
0.974988 82.165.xx.xx -> 192.168.2.99 TLSv1 Certificate
0.975018 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [RST] Seq=77 Len=0
0.975091 82.165.xx.xx -> 192.168.2.99 TLSv1 Server Key Exchange
0.975112 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [RST] Seq=77 Len=0
0.975862 82.165.xx.xx -> 192.168.2.99 TCP https > 38952 [FIN, ACK]
Seq=3046 Ack=77 Win=5792 Len=0 TSV=763650946 TSER=245716842
0.975898 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [RST] Seq=77 Len=0
But the tshark output on the client side is:
0.000000 192.168.38.175 -> 192.168.38.2 TCP 36523 > ndl-aas [SYN]
Seq=0 Win=5840 Len=0 MSS=1460 TSV=7661849 TSER=0 WS=7
0.000133 192.168.38.2 -> 192.168.38.175 TCP ndl-aas > 36523 [SYN, ACK]
Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=245777285 TSER=7661849 WS=6
0.000165 192.168.38.175 -> 192.168.38.2 TCP 36523 > ndl-aas [ACK]
Seq=1 Ack=1 Win=5888 Len=0 TSV=7661849 TSER=245777285
0.000200 192.168.38.175 -> 192.168.38.2 HTTP CONNECT
ms2.sourcepark.de:443 HTTP/1.0
0.000323 192.168.38.2 -> 192.168.38.175 TCP ndl-aas > 36523 [ACK]
Seq=1 Ack=104 Win=5824 Len=0 TSV=245777285 TSER=7661849
0.055803 192.168.38.2 -> 192.168.38.175 HTTP HTTP/1.0 200 Connection
established
0.055814 192.168.38.175 -> 192.168.38.2 TCP 36523 > ndl-aas [ACK]
Seq=104 Ack=40 Win=5888 Len=0 TSV=7661863 TSER=245777299
0.056706 192.168.38.175 -> 192.168.38.2 SSL Client Hello
0.056813 192.168.38.2 -> 192.168.38.175 TCP ndl-aas > 36523 [ACK]
Seq=40 Ack=179 Win=5824 Len=0 TSV=245777299 TSER=7661864
0.058911 192.168.38.175 -> 192.168.38.2 TCP 36523 > ndl-aas [FIN, ACK]
Seq=179 Ack=40 Win=5888 Len=0 TSV=7661864 TSER=245777299
0.059234 192.168.38.2 -> 192.168.38.175 TCP ndl-aas > 36523 [FIN, ACK]
Seq=40 Ack=180 Win=5824 Len=0 TSV=245777300 TSER=7661864
0.059249 192.168.38.175 -> 192.168.38.2 TCP 36523 > ndl-aas [ACK]
Seq=180 Ack=41 Win=5888 Len=0 TSV=7661864 TSER=245777300
As you can see, the "TLSv1 Server Key Exchange" never reaches the client.
To me it looks like the client closes the connection before the packet
arrives.
What can I do to make it work?
Ciao
Matthias
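
The packet ordering described in the message above can be checked mechanically from the proxy-side capture. The following is an added example, not part of the original post: it parses tshark summary lines and reports whether the initiating host sent a FIN before any TLS handshake record came back. The function names are hypothetical, and the embedded lines are the post's own proxy-side capture with wrapped lines rejoined and trailing TCP options trimmed.

```python
import re

# Proxy-side capture from the post: wrapped lines rejoined, trailing TCP
# options trimmed. Only the fields used below are kept.
PROXY_CAPTURE = """\
0.000000 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [SYN] Seq=0 Len=0
0.055182 82.165.xx.xx -> 192.168.2.99 TCP https > 38952 [SYN, ACK] Seq=0 Ack=1
0.055232 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [ACK] Seq=1 Ack=1
0.058386 192.168.2.99 -> 82.165.xx.xx SSL Client Hello
0.060498 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [FIN, ACK] Seq=76 Ack=1
0.973093 82.165.xx.xx -> 192.168.2.99 TLSv1 Server Hello,
0.973135 192.168.2.99 -> 82.165.xx.xx TCP 38952 > https [RST] Seq=77 Len=0
0.974988 82.165.xx.xx -> 192.168.2.99 TLSv1 Certificate
"""

LINE = re.compile(r"^\s*(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(.*)$")

def parse(capture):
    """Yield (time, src, dst, proto, info) for each tshark summary line."""
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            t, src, dst, proto, info = m.groups()
            yield float(t), src, dst, proto, info.strip()

def early_close(capture):
    """Return timings if the initiator sent FIN before the first server TLS record, else None."""
    packets = list(parse(capture))
    if not packets:
        return None
    client = packets[0][1]  # sender of the first packet (the SYN) is the initiator
    hello = fin = reply = None
    for t, src, dst, proto, info in packets:
        if src == client and "Client Hello" in info and hello is None:
            hello = t
        elif src == client and proto == "TCP" and "FIN" in info and fin is None:
            fin = t
        elif src != client and proto in ("SSL", "TLSv1") and reply is None:
            reply = t
    if hello is None or fin is None or (reply is not None and reply < fin):
        return None
    return {"client": client, "hello": hello, "fin": fin, "server_reply": reply,
            "fin_after_hello_ms": round((fin - hello) * 1000, 3)}

if __name__ == "__main__":
    print(early_close(PROXY_CAPTURE))
```

On the post's capture this shows the FIN leaving the proxy about 2 ms after the Client Hello, well before the Server Hello arrives at 0.973093.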