Ignore "certificate unknown" alert

Question

I have the following simple Python script:

import socket
import ssl

if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind("", 443)
    s.listen(1)
    (conn, addr) = s.accept()
    sslconn = ssl.wrap_socket(conn, server_side=True, certfile="server.crt", keyfile="server.key", cert_reqs=ssl.CERT_NONE)

    print 'Connection established'
    while True:
        data = sslconn.recv(1024)
        if not data: break
        print "Data received"


    sslconn.close()

The files server.crt and server.key specify the public and private key of a self-signed certificate. If I connect to the host running this script using, say, Firefox, the script terminates with

ssl.SSLError: [Errno 1] _ssl.c:503: sslv3 alert certificate unknown

From what I gather, this comes from the client (say, Firefox) alerting the host that the certificate is invalid. That's fine, but why does it cause the script to terminate? Must I explicitly ignore the alert somehow?

Answer 1

Try catching the exception and ignoring it. It is supposed to be non-fatal.

sslconn = ssl.wrap_socket(conn, server_side=True, certfile="server.crt",
                          keyfile="server.key", cert_reqs=ssl.CERT_NONE,
                          do_handshake_on_connect=False)
try:
    sslconn.do_handshake()
except ssl.SSLError, err:
    if err.args[1].find("sslv3 alert") == -1:
        raise