I am attempting to connect a client and server with `sslContext.wrap_socket` with the Python `ssl` library. I am getting some strange SSL errors including `WRONG_VERSION_NUMBER` and `UNKNOWN_CA` even though both the version number and CA are specifically hardcoded in the server and client.
To double check that these hardcoded values are getting through, I want to print out the certificate fields and the TLS version number the client is attempting to connect with. I can do this with `SSLSocket.getpeercert()` and `SSLSocket.version()`, but this only works after the handshake (in `sslContext.wrap_socket`) is complete. The handshakes resulting in errors never complete, and so I cannot use those methods.
Is there a way I can get certificate/TLS transaction information from a failed handshake?
Edit: The error is irrelevant to the question. I know how to fix the error, what I want is to see the handshake information.
This seems to be impossible without modifying CPython. `SSLSocket.getpeercert()` in `ssl.py` seems to call `_ssl__SSLSocket_getpeercert_impl()` in `_ssl.c`, which returns an error if SSL initialization is not complete:

```c
static PyObject *
_ssl__SSLSocket_getpeercert_impl(PySSLSocket *self, int binary_mode)
/*[clinic end generated code: output=1f0ab66dfb693c88 input=e35af55fa5f9bab8]*/
{
    int verification;
    X509 *peer_cert;
    PyObject *result;

    if (!SSL_is_init_finished(self->ssl)) {
        PyErr_SetString(PyExc_ValueError,
                        "handshake not done yet");
        return NULL;
    }
    ...etc
```
Also, after reading its documentation, I believe this also cannot be done with the pyOpenSSL library.
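`getpeercert()` and `version()` are indeed unavailable before the handshake finishes, but the information the question is after (which TLS version the client offers, which server name it sends) is in the client's first flight, the ClientHello, which is written before any failure can occur. The following is an added example, not code from the original question or answer: it drives the client side of the handshake into `ssl.MemoryBIO` objects with `SSLContext.wrap_bio()` (stdlib, no server or network needed), so the handshake stalls after the ClientHello is produced, and then parses that record to print the offered versions and SNI. `HOSTNAME` is a constructed placeholder, and the parser only decodes the two extensions the question cares about.

```python
import ssl
import struct

# Constructed placeholder; no connection is ever made to it.
HOSTNAME = "example.test"

TLS_VERSION_NAMES = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
                     0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}


def capture_client_hello(context=None, server_hostname=HOSTNAME):
    """Return the bytes the client would send first (its ClientHello).

    The handshake runs against in-memory BIOs instead of a socket: the
    client writes its ClientHello into `outgoing`, then raises
    SSLWantReadError because no ServerHello ever arrives in `incoming`.
    """
    if context is None:
        context = ssl.create_default_context()
    incoming = ssl.MemoryBIO()   # bytes "from the server": always empty here
    outgoing = ssl.MemoryBIO()   # bytes the client wants to put on the wire
    tls = context.wrap_bio(incoming, outgoing, server_side=False,
                           server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is waiting for the server's reply
    return outgoing.read()


def parse_client_hello(data):
    """Decode a TLS record holding a ClientHello (RFC 5246 / RFC 8446 layout).

    Returns a dict with the record version, the legacy client_version,
    the cipher suite ids, and, when present, the server_name (SNI) and
    supported_versions extensions.
    """
    content_type, record_version, record_len = struct.unpack("!BHH", data[:5])
    if content_type != 0x16:
        raise ValueError("not a TLS handshake record")
    body = data[5:5 + record_len]
    if body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hello_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hello_len]

    pos = 0
    client_version = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    pos += 32                                   # client random
    pos += 1 + hello[pos]                       # legacy session id
    suites_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    cipher_suites = [struct.unpack("!H", hello[pos + i:pos + i + 2])[0]
                     for i in range(0, suites_len, 2)]
    pos += suites_len
    pos += 1 + hello[pos]                       # compression methods

    info = {"record_content_type": content_type,
            "record_version": record_version,
            "client_version": client_version,
            "cipher_suites": cipher_suites}

    if pos + 2 <= len(hello):                   # extensions block is optional
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            ext = hello[pos:pos + ext_len]
            pos += ext_len
            if ext_type == 0:                   # server_name (SNI)
                # list length (2) | name type (1) | name length (2) | name
                name_len = struct.unpack("!H", ext[3:5])[0]
                info["sni"] = ext[5:5 + name_len].decode("ascii")
            elif ext_type == 43:                # supported_versions
                count = ext[0]                  # byte length of the version list
                info["supported_versions"] = [
                    struct.unpack("!H", ext[1 + i:3 + i])[0]
                    for i in range(0, count, 2)]
    return info


def describe(info):
    """Human-readable summary of what the client is offering."""
    offered = info.get("supported_versions") or [info["client_version"]]
    names = [TLS_VERSION_NAMES.get(v, hex(v)) for v in offered]
    return (f"record version {TLS_VERSION_NAMES.get(info['record_version'])}, "
            f"legacy client_version {TLS_VERSION_NAMES.get(info['client_version'])}, "
            f"offering {', '.join(names)}, SNI={info.get('sni')!r}, "
            f"{len(info['cipher_suites'])} cipher suites")


if __name__ == "__main__":
    print(describe(parse_client_hello(capture_client_hello())))
```

The same trick works on the server side: a context with the server's certificate loaded, wrapped with `wrap_bio(..., server_side=True)`, can be fed a captured ClientHello through its incoming `MemoryBIO`, and the resulting `ssl.SSLError` exposes `.library` and `.reason` (for example `UNKNOWN_CA` or `WRONG_VERSION_NUMBER`) without a live socket. Comparing the offered versions printed above against `SSLContext.minimum_version` / `maximum_version` on both ends is usually enough to explain a `WRONG_VERSION_NUMBER` failure.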