SSLSocket passphrase/password in Python

SSLSocket passphrase/password in Python

up vote 3 down vote favorite 7

I've been looking into making an iOS push notification service for one of my apps lately. It has a Python 2.7 backend so I wanted to do it in Python rather than PHP (or anything else). I've got code that sends a notification and the device receives it, however every time I run the code it asks me to manually enter a 'pass phrase' for the PEM file. This is not ideal, as I want this to be all automated on the server, when it needs to send a notification, it should just send it. I can't find anything in the docs for Python 2.7 that allow me to automatically set the pass phrase from a variable when connecting. If anyone knows how to do this in Python 2.7 or any other ideas I would be really grateful. Here's a snippet of code: certfile = 'devPEM.pem' apns_address = ('gateway.sandbox.push.apple.com', 2195) s = socket.socket() sock = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, certfile=certfile) sock.connect(apns_address) Thanks in advance. python  ios  ssl  python-2.7  push-notification share | improve this question asked  Dec 3 '12 at 17:38 Baza207 1,102 1 10 24

When you generated the .pem certificate... Did you give it a password? Because if so, that's probably what it's asking you about –   BorrajaX  Dec 3 '12 at 17:46  @BorrajaX Yeah I did and I know what the password is. Should you be able to create the .pem without a password because I thought it wouldn't let me make it without it? –   Baza207  Dec 3 '12 at 18:13 yeah, I don't know how it is done in iOS, but you should be able to give it a blank password (just press enter when prompted for it). Let me know if it works :-) –   BorrajaX  Dec 3 '12 at 18:34  So creating it through the terminal on a mac it asks for the password to be min 4 char. I managed to remove the password from the cert with <code>openssl rsa -in privateKey.pem -out newPrivateKey.pem<code> . That seams to work but it takes ages to produce a notification on a device. :( –   Baza207  Dec 3 '12 at 20:50 Strike that, the first one seemed to be a fluke. Later ones are practically instant. :D –   Baza207  Dec 3 '12 at 20:56 add a comment

1 Answer

active oldest votes

up vote 10 down vote accepted

So the answer as BorrajaX suggested was to not set a password for the key when prompted. However this is not possible as (at least on my Mac) wants the password to be a minimum 4 characters. The steps to fix this are: Take your .p12 and convert it to a .pem with openssl pkcs12 -nocerts -out PushKey.pem -in PushKey.cer, When prompted add a password, Then run openssl rsa -in PushKey.pem -out newPushKey.pem which will remove the password, Create the vert .pem with openssl x509 -in aps_developer_identity.cer -inform der -out PushCert.pem, Merge them with cat PushCert.pem newPushKey.pem > push.pem. The push.pem file then works with the code above without getting prompted for a password/pass phrase. This is a useful website where I found the code for removing the password from the .pem file:http://www.sslshopper.com/article-most-common-openssl-commands.html share | improve this answer edited Dec 3 '12 at 23:17 answered  Dec 3 '12 at 22:13 Baza207 1,102 1 10 24

It's help me to solve the pass phase problem –   Danyun  Mar 11 '13 at 15:43