What does "SSLError: [SSL] PEM lib (_ssl.c:2532)" mean using the Python ssl library?

sargas picture sargas · May 7, 2015 · Viewed 64.5k times · Source

I am trying to use connect to another party using Python 3 asyncio module and get this error:

     36     sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
---> 37     sslcontext.load_cert_chain(cert, keyfile=ca_cert)
     38

SSLError: [SSL] PEM lib (_ssl.c:2532)

The question is just what the error mean. My certificate is correct, the keyfile (CA certificate) might not.

Answer

jmunsch picture jmunsch · May 7, 2015

Assuming that version 3.6 is being used:

See: https://github.com/python/cpython/blob/3.6/Modules/_ssl.c#L3523-L3534

 PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
 r = SSL_CTX_check_private_key(self->ctx);
 PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
 if (r != 1) { 
    _setSSLError(NULL, 0, __FILE__, __LINE__);
    goto error;
 }

What it is saying is that SSL_CTX_check_private_key failed; thus, the private key is not correct.

Reference to the likely version: