connection refused

[kfiras]

Hi,
I am following this recipe: https://github.com/ActiveState/code/blob/3b27230f418b714bc9a0f897cb8ea189c3515e99/recipes/Python/577548_HTTPS_httplib_Client_ConnectiCertificate/recipe-577548.py

but I am getting the following error:

Traceback (most recent call last):
File "./firas.py", line 45, in
conn.request('GET', '/_searchguard/authinfo')
File "/usr/lib64/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
File "/usr/lib64/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib64/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib64/python2.7/httplib.py", line 826, in send
self.connect()
File "./firas.py", line 26, in connect
sock = socket.create_connection((self.host, self.port), self.timeout)
File "/usr/lib64/python2.7/socket.py", line 571, in create_connection
raise err
socket.error: [Errno 111] Connection refused

Any help is really appreciated. I am not seeing anything in the logs that can help me in debugging this issue.

Thanks,
Firas Khasawneh

[ahsec]

Looks like you're trying to establish an HHTPS connection.
What server are you trying to connect to?
Also is this the URN you're trying to retrieve is /_searchguard/authinfo ?

[kfiras]

yes.I am trying to connect over https. Below is the command line:

./firas.py "server ip address" 9200 "path to client certificate key" "path to client certificate file" "path to root CA file"

below is my code (firas.py):

class HTTPSClientAuthConnection(httplib.HTTPSConnection):
    """ Class to make a HTTPS connection, with support for full client-based SSL Authentication"""

    def __init__(self, host, port, key_file, cert_file, ca_file, timeout=None):
        httplib.HTTPSConnection.__init__(self, host, key_file=key_file, cert_file=cert_file)
        self.key_file = key_file
        self.cert_file = cert_file
        self.ca_file = ca_file
        self.timeout = timeout

    def connect(self):
        """ Connect to a host on a given (SSL) port.
            If ca_file is pointing somewhere, use it to check Server Certificate.

            Redefined/copied and extended from httplib.py:1105 (Python 2.6.x).
            This is needed to pass cert_reqs=ssl.CERT_REQUIRED as parameter to ssl.wrap_socket(),
            which forces SSL to check server certificate against our client certificate.
        """
        sock = socket.create_connection((self.host, self.port), self.timeout)
        if self._tunnel_host:
            self.sock = sock
            self._tunnel()
        # If there's no CA File, don't force Server Certificate Check
        if self.ca_file:
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
        else:
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, cert_reqs=ssl.CERT_NONE)

if __name__ == '__main__':
    # Little test-case of our class
    import sys
    if len(sys.argv) != 6:
        print('usage: python https_auth_handler.py host port key_file cert_file ca_file')
        sys.exit(1)
    else:
        host, port, key_file, cert_file, ca_file = sys.argv[1:]
    conn = HTTPSClientAuthConnection(host, port, key_file=key_file, cert_file=cert_file, ca_file=ca_file)
    conn.request('GET', '/_searchguard/authinfo')
    response = conn.getresponse()
    print response.status, response.reason
    data = response.read()
    print (data)
    conn.close()