
I want to connect to IRC using SSL. I am writing in Python 2.7. However, for the code below:

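    import socket
    import ssl

    HOST = 'chat.freenode.net'
    PORT = 7000

    # Plain TCP connection first; connect_ex returns an errno instead of raising
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    code = sock.connect_ex((HOST, PORT))

    # Require a server certificate that chains to the CA in this file
    context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    context.verify_mode = ssl.CERT_REQUIRED
    context.load_verify_locations('COMODOECCCertificationAuthority.crt')
    secure_sock = context.wrap_socket(sock)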

PyCharm shows an error on the line secure_sock = context.wrap_socket(sock). What is wrong?

1 Answer

context.load_verify_locations('COMODOECCCertificationAuthority.crt')

I don't know what is in the file COMODOECCCertificationAuthority.crt, but it looks like you are expecting a certificate signed by Comodo. But the issuer for the certificate of chat.freenode.net is Let's Encrypt and not Comodo. You can get the chain, for example, with

    $ openssl s_client -connect chat.freenode.net:7000
    ...
    Certificate chain
     0 s:/CN=cherryh.freenode.net
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3

This means the root CA you need to trust is 'DST Root CA X3'. You can download the certificate for this CA here. If you add this as trusted in load_verify_locations it works.


3 Comments

I opened the https://freenode.net/ page and exported the certificate using my browser (newest Firefox). Why didn't it work then?
Besides my question above, when I changed the certificate to one you posted a link to, now I have a new error: ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1754)
@yak: A site can use different certificates for different services and freenode is doing this, i.e. using a different certificate for https and for irc. As for the second error: this is a different problem and thus should not be asked in a comment. Please ask a new question where you provide more detail about this problem, including the full version of Python you use (i.e. 2.7.x) and of OpenSSL (ssl.OPENSSL_VERSION).
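The check the answer does by eye, as an added example that is not part of the original answer or comments: parse the `Certificate chain` listing from `openssl s_client`, follow the issuer links to the CA the server did not send, and compare its CN with the CA given to `load_verify_locations`. The function names are hypothetical, and the CN assumed for the question's Comodo file is an assumption, since the page does not show the file's contents.

```python
import re

# Chain listing copied from the openssl s_client output in the answer above.
S_CLIENT_OUTPUT = """\
Certificate chain
 0 s:/CN=cherryh.freenode.net
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(?:\d+\s+)?([si]):\s*(.+)$", line)
        if not m:
            continue  # skip everything that is not an s:/i: line
        kind, dn = m.group(1), m.group(2).strip()
        if kind == "s":
            subject = dn
        elif subject is not None:
            chain.append((subject, dn))
            subject = None
    return chain

def common_name(dn):
    """Extract CN from '/C=US/CN=x' or 'C = US, CN = x' style names."""
    m = re.search(r"(?:^|[/,]\s*)CN\s*=\s*([^/,]+)", dn)
    return m.group(1).strip() if m else dn

def required_trust_anchor(chain):
    """Walk issuer links from the leaf to the CA that must be trusted locally."""
    if not chain:
        raise ValueError("no certificate chain found in input")
    issuer_of = dict(chain)
    current, seen = chain[0][0], set()
    while current in issuer_of and current not in seen:
        seen.add(current)
        if issuer_of[current] == current:
            return current  # server sent a self-signed root
        current = issuer_of[current]
    return current  # issuer not sent by the server: must be in the CA file

def check_ca(chain, ca_common_name):
    """Return (matches, needed_cn) for the CA you plan to load."""
    needed = common_name(required_trust_anchor(chain))
    return needed == ca_common_name, needed

if __name__ == "__main__":
    chain = parse_chain(S_CLIENT_OUTPUT)
    # Assumed CN of the certificate in COMODOECCCertificationAuthority.crt
    print(check_ca(chain, "COMODO ECC Certification Authority"))
    print(check_ca(chain, "DST Root CA X3"))
```
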
