I'm trying to run the example code provided in the documentation for the ssl module here: http://docs.python.org/2/library/ssl.html#client-side-operation
The server-side code is similar to the example given in the documentation, and it throws this exception:
Traceback (most recent call last):
  File "serve.py", line 16, in <module>
    ssl_version=ssl.PROTOCOL_TLSv1)
  File "/usr/lib/python2.7/ssl.py", line 381, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 143, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 305, in do_handshake
    self._sslobj.do_handshake()
socket.error: [Errno 104] Connection reset by peer
And the client-side code, also similar to the example in the documentation, throws this exception:
Traceback (most recent call last):
  File "client.py", line 8, in <module>
    ssl_sock.connect((host, port))
  File "/usr/lib/python2.7/ssl.py", line 331, in connect
    self._real_connect(addr, False)
  File "/usr/lib/python2.7/ssl.py", line 324, in _real_connect
    raise e
socket.error: [Errno 104] Connection reset by peer
As far as I can see, I've copied the examples provided in the documentation quite closely, so I don't know what the problem is. All of my TCP, UDP and ICMP ports are open, so I don't think it is a firewall issue.
(I've edited this question to cut out my code for brevity, as it really is quite similar to the example provided in the link. If you want to see my code, look at the history of this question.)
I found the problem. I generated the private key and the certificate using a command like this:
The crucial part is that the "common name" entered must match the domain name of the server. I thought that when cacerts is ssl.CERT_NONE, which it is by default for wrap_socket, this wouldn't be checked, but I was wrong. It's always checked. One night's sleep and it's the first thing I thought of to verify! Hopefully this will be useful to someone else who gets this cryptic error message.
If this doesn't solve it, you might be suffering from deep packet inspection. I got this error again when I was on a university network, but not on any other network, and I'm fairly certain it was because of deep packet inspection.