I have a very strange issue with the ssl library in Python.

My Python version is 3.5.2.

All I'm doing is running the following three lines of code:

import ssl
ssl_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain(certfile=r'C:\_del\publicCert.pem', 
                            keyfile=r'C:\_del\privateKey.pem')

Calling the last line throws an error:

OSError: [Errno 9] Bad file descriptor

I was trying to find information on the ssl library and the "Bad file descriptor" error, but all I found were issues where a connection was already established. I think in my case, it must have something to do either with the settings or the files themselves, since when I call create_default_context and load_cert_chain there's no connection to the server yet.

My certificate/key files have the following structure:

privateKey.pem

Bag Attributes
localKeyID: ...
friendlyName: ...

Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: ...
DEK-Info: ...
...key content...
-----END RSA PRIVATE KEY-----

publicCert.pem

Bag Attributes
localKeyID: ...
friendlyName: ...
subject=...
issuer=...
-----BEGIN CERTIFICATE-----
... certificate content ...
-----END CERTIFICATE-----

Has anyone encountered such an issue? Is it possible that the certificate I'm using is not compatible with the OpenSSL version (0.9.8r)? The certificate uses the SHA256 algorithm.

Additional information: When I'm using openssl and try to verify the certificate PEM file:
openssl verify C:\_del\certfile.pem
I'm getting the following error:
error 20 at 0 depth lookup:unable to get local issuer certificate

  • The certificate file publicCert.cert must be a single file in PEM format. Do you know what the format of your cert file is? Commented Oct 4, 2017 at 10:54
  • Please post your complete code. It does not help a lot. I think you are not opening a socket and trying to connect with it. Commented Oct 4, 2017 at 10:57
  • Maybe this helps: stackoverflow.com/questions/17207051/… Commented Oct 4, 2017 at 10:57
  • What is in the original post is my complete code. It is really just 3 lines. Importing ssl library, creating default context (with Client Authentication purpose) and trying to load certificate and key. Both publicCert.cert and privateKey.key are in fact pem files. I think there is no connection within these 3 lines. Commented Oct 4, 2017 at 13:50
  • You just want to make a context? And nothing else? This application makes no sense. What do you want to achieve? Commented Oct 4, 2017 at 15:25

1 Answer

I encountered this issue myself, and couldn't find any answers online. Finally, I figured it out.

If you open your key file, and either:

  1. The first line looks like this: -----BEGIN ENCRYPTED PRIVATE KEY-----
  2. The Proc-Type contains the string Encrypted (which may be the case for OP, although he didn't tell us the Proc-Type)

...Then you must provide the password argument to the load_cert_chain() call in order to decrypt the private key. If you don't supply a password, you can get the Bad file descriptor error.
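The two conditions listed in the answer can be checked before calling load_cert_chain(), so a missing password fails with a clear message. This is an added example, not part of the original answer; the helper names and the sample PEM text are constructed for illustration, and the sample layout mirrors the key file shown in the question.

```python
import re

# Constructed samples (not real keys); the base64 body is a placeholder.
SAMPLE_LEGACY = """Bag Attributes
    localKeyID: 01
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PKCS8 = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                "-----END ENCRYPTED PRIVATE KEY-----\n")
SAMPLE_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                "-----END RSA PRIVATE KEY-----\n")

# Matches each PEM block; text before BEGIN (e.g. "Bag Attributes") is skipped.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def key_needs_password(pem_text):
    """Return True if any private-key block in pem_text is encrypted."""
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue                      # certificates and other blocks
        if label == "ENCRYPTED PRIVATE KEY":
            return True                   # condition 1 in the answer
        # Condition 2: header lines sit before the first blank line.
        for line in body.splitlines():
            if not line.strip():
                break
            low = line.lower()
            if low.startswith("proc-type:") and "encrypted" in low:
                return True
    return False


def load_chain_checked(context, certfile, keyfile, password=None):
    """Call context.load_cert_chain(), refusing an encrypted key with no password."""
    with open(keyfile, "r", encoding="ascii", errors="replace") as fh:
        encrypted = key_needs_password(fh.read())
    if encrypted and password is None:
        raise ValueError("{} is encrypted; supply password=".format(keyfile))
    context.load_cert_chain(certfile=certfile, keyfile=keyfile, password=password)
```
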
