I am trying to connect to Gmail's SMTP using sockets in Python3. With this code (omitting the response-recieving parts):
import ssl
import base64
from socket import *
cs = socket(AF_INET, SOCK_STREAM)
cs.connect(("smtp.gmail.com", 587))
cs.send(b'EHLO smtp.google.com\r\n')
cs.send(b'STARTTLS\r\n')
ws = ssl.wrap_socket(cs, ssl_version=ssl.PROTOCOL_TLSv1, ciphers="ADH-AES256-SHA")
But I'm getting the following error in do_handshake
in the last line:
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:645)
I have also tried the following version in the last line:
ssl_version=ssl.PROTOCOL_SSLv23
ssl.PROTOCOL_TLSv1
ssl.OP_NO_SSLv3
ssl.OP_NO_TLSv1
ssl.PROTOCOL_SSLv2
ssl.PROTOCOL_SSLv23
ssl.PROTOCOL_SSLv3
ssl.PROTOCOL_TLSv1
Am I doing something wrong ? Thanks.
The problem is that you're never receiving on your socket. You may be able to get away with that on some servers (have my doubts) but Google's servers don't like it. Really don't think it would work with any server as I'm pretty sure you need a clean receive buffer so the TLS negotiation can take place without a bunch of prior junk still in the pipeline.
Your code is working with the following changes for me:
import ssl
import base64
from socket import *
cs = socket(AF_INET, SOCK_STREAM)
cs.connect(("smtp.gmail.com", 587))
print(cs.recv(4096))
cs.send(b'EHLO smtp.google.com\r\n')
print(cs.recv(4096))
cs.send(b'STARTTLS\r\n')
print(cs.recv(4096))
ws = ssl.wrap_socket(cs, ssl_version=ssl.PROTOCOL_TLSv1)
ws.send(b'MAIL FROM: abc#def.com\r\n')
print(ws.recv(4096))
But as has already been mentioned in the comments, unless this is just for fun and/or a learning experience, you should be using python's smtplib.
Related
I'm a beginner in python socket programming and I have to send a message from the server to the client side . I have 2 python IDLES one for the server and one for the client. I have made the server file with no errors but when I create a connection socket in my client file and try to connect to server I get the error:
clientSocket.connect((servername,port))
ConnectionRefusedError: [WinError 10061] no connection could be made because the target machine actively refused it
I don't know how to deal with this error and I would appreciate your help with guiding me.
Thank you in advance.
My code:
Server:
from socket import *
port = 1234
serverSocket = socket(AF_INET,SOCK_STREAM)
serverSocket.bind(('',port))
serverSocket.listen()
print("Server has started")
data = "Network labs"
while True:
connectionSocket , addr = serverSocket.accept()
connectionSocket.send(data)
connectionSocket.close()
Client:
from socket import *
port = 1234
servername = 'localhost'
clientSocket = socket(AF_INET,SOCK_STREAM)
clientSocket.connect((servername,port)) #this is where the error happens
I would gradually try to understand where the problem is coming from.
Try to identify where the problem is:
Write an example which is available online and will surely works, and then you will know that the problem is in your code.
Try to use the same code on different computer, or a VM. If it will work there you will know that the problem is with the environment.
Try to find people with similar problems, you will usually won't be the first. - Errno 10061 : No connection could be made because the target machine actively refused it ( client - server ) - this seems nice.
Find out if your server is running correctly, checks if someone is listening on port 1234 before running the client. (Use netstat)
Few things which unrelated to the subject but will improve your coding:
1. Don't import *, it's just an easy way to get name collision.
2. Use conventions, it's just make everything nicer to read. https://www.python.org/dev/peps/pep-0008/
Of course you can ignore all of this, it's just an advice.
I'm implementing an IMAP proxy which securely communicates with a client.However, I have a problem when handshaking.
The code of my proxy is:
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.bind((host, port))
ssock, addr = self.sock.accept()
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
self.conn_client = context.wrap_socket(ssock)
And I receive the error:
ssl.SSLError: [SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:833)
The code of my tests is:
M = imaplib.IMAP4_SSL(IP_PROXY)
And I receive the error:
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:777)
However, when the code of the proxy is:
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.bind((host, port))
ssock, addr = self.sock.accept()
self.conn_client = ssl.wrap_socket(ssock, certfile=CERT, server_side= True)
It correctly works but I don't want to use certificate.
Thank you
It correctly works but I don't want to use certificate.
SSL/TLS is almost everywhere used with a certificate to make sure that the client is talking to the expected server and not to some man in the middle. If you don't want to use a certificate you need to either use a different kind of authentication (like PSK) or use no authentication at all ("anonymous authentication" - very bad idea).
In any way you would need to set the relevant ciphers to enable this alternative authentication on both client and server. This can be done with the ciphers attribute to wrap_socket on the server side and in your client code it could probably be done by constructed a SSLContext with the necessary ciphers and using the ssl_context argument to specific the context to be used in IMAP4_SSL.
But this is only for your specific Python based IMAP client. Don't expect that you will be able to configure commonly used IMAP clients like Thunderbird or Outlook to be usable with a server without certificates. And like I said, it is a bad idea in the first place.
I am trying to use client side certificates for authentication in Python, but I just can't figure it out.
I am using this for my testing:
https://blog.cloudflare.com/introducing-tls-client-auth/
(Skip to "TLS Client Authentication On The Edge" for the pem file and example curl call).
It works as expected in curl, but when I try it in Python I get a 403 back from the server.
Here is what I have tried in Python:
import ssl
import socket
s = socket.socket()
addr_info = socket.getaddrinfo('auth.pizza',443)
addr = addr_info[0][-1]
ss = ssl.wrap_socket(s, certfile='pizza.pem')
ss.connect(addr)
ss.write(b'GET / HTTP/1.0\r\n\r\n')
print(ss.read(4096))
I'm at a loss for how to even debug this further.
I'm using Python 2.4.4 and OpenSSL 0.9.8k (not by choice)
I've referred to the documentation: https://docs.python.org/release/2.4.4/lib/module-socket.html
and to pretty much every mention of "openSSL" and "python" on the internet, and I haven't found a solution to my problem.
I'm simply writing a test program to initiate an SSL connection. Here is the code:
server
#!/usr/bin/python
import socket
import _ssl
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('', 4433))
s.listen(5)
while True:
client, address = s.accept()
ssl_client = socket.ssl(client,
keyfile='keyfile',
certfile='certfile')
print "Connection: ", address
data = ssl_client.read(1024)
if data:
print "received data: ", data
ssl_client.write(data + " Hello, World!")
del ssl_client
client.close()
client
#!/usr/bin/python
import socket
import _ssl
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('host', 4433))
ssl_s = socket.ssl(s,
keyfile='keyfile',
certfile='certfile')
print 'writing ', ssl_s.write("Hello, World!"), ' bytes to ssl stream'
data = ssl_s.read(1024)
del ssl_s
s.close()
print "received data: ", data
Some notes about this code - keyfile and certfile are paths to my actual key and cert file. Those arguments are not the issue. The hostnames are also not the issue. I'm aware that the port used is 4433 - in our requirements, we're meant to use a generic port, not 443. I was unaware that it was possible to use SSL over a different port, but regardless, even when I use 443 I get the exact same error.
I can run the server fine, and then when I run the client, I get the following error on the wrap_socket lines for both client and server:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
I've read it's due to using a non-443 port, but again, using 443 didn't fix things. I've read it could be a protocol mismatch, but the client and the server are both defaulting to SSL2.3. We're meant to use TLS1.2 as per our requirements, but the docs don't seem to have any information on how to set the SSL protocol version. I'm unsure if that's related to my issue. Please keep in mind I'm not here to open a dialogue regarding to use of outdated SSL and Python versions.
socket.ssl is only able to initiate a SSL connection and the given optional cert and key are for use of client certificates. socket.ssl is not able to be used on the server side and it looks like python 2.4.4 does not offer this feature in any of the core modules at all. In later versions of python you can use the ssl module for this but 2.4.4 does not seem to have this.
What's the easiest way to connect to a SMTP server that supports STARTTLS and get its server SSL certificate? I know it can be done using openssl with something like this
openssl s_client -starttls smtp -crlf -connect 192.168.0.1:25
How can I do it from within Python and I don't want to call openssl and parse its output. I looked at M2Crypto which is an openssl wrapper, but as far as I can tell that doesn't support starttls. An example of how to do it with a Python library would be very much appreciated.
This returns a certificate in binary format (DER-encoded):
import socket, ssl
s = socket.socket()
s.connect(("host", 25))
s.send("STARTTLS\n")
s.recv(1000)
ss = ssl.wrap_socket(s)
certificate_der = ss.getpeercert(True)
This is jus to give you an idea, error handling, etc. is required of course. If you want to decode the information from the certificate you either have to prodivde a certificate authorities bundle/directory for acceptable CAs (getpeercert() will return a meaningfull dict in this case), or use a more capable ssl library, M2Crypto for example.
You could try something like:
import ssl
cert = ssl.get_server_certificate(('imap.gmail.com',993))
to get server's certificate
As I can't comment abbot answer, just remark that depending on the server config you may need to send an EHLO before STARTTLS:
import socket, ssl
hostname = 'test.com'
port = 25
context = ssl.create_default_context()
with socket.create_connection((hostname, port)) as sock:
sock.recv(1000)
sock.send(b'EHLO\nSTARTTLS\n')
sock.recv(1000)
with context.wrap_socket(sock, server_hostname=hostname) as sslsock:
der_cert = sslsock.getpeercert(True)
smtplib provides the starttls() method which should deal with all issues:
http://docs.python.org/library/smtplib.html