m-click / requests_pkcs12

Add PKCS#12 support to the Python requests library in a clean way, without monkey patching or temporary files
ISC License
123 stars 33 forks source link

OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown')] #11

Closed VicTangg closed 5 years ago

VicTangg commented 5 years ago

Hi,

Thank you for the library. I wrote a piece of codes on Repl and that works very well. However, when I run the same piece of code on my machine, the error stated in the title occurs... The different I notice is that OpenSSL on local machine is 1.0.2 and on the Repl is 1.0.1. May I know what else may cause this kind of issue? Thank you!

Yours, Victor

vog commented 5 years ago

Unfortunately, OpenSSL error messages are often not very detailed. Among all possible errors, there are 2 or 3 typical messages that occur in "almost every" error case, making that error messages only useful for a first guess but not much more.

In your specific case, the problem may or may not be related to the PKCS12 client certificate. It could as well be related to the server certificate and/or the local trust chains used for verifying. Especially in the latter case, you might have more luck asking at the requests library project.

Regarding this tiny requests_pkcs12 library, there's actually just one thing you can try:

This is not meant to be a permanent solution. requests_pkcs12 is specifically designed so you don't need that kind of dirty workarounds. But this will help you for debugging, as you can see if your problem is related to requests_pkcs12 or not. In the latter case, you could then go directly to the requests or PyOpenSSL projects, which have bigger communities, and ask there.

vog commented 5 years ago

This issue is several months old, so I assume you were able to solve your problem on your own. I'm closing this issue for now. If this problem still exists, feel free to reopen this issue and provide further details.