Unable to use SSL on CherryPy 3.8.0

I am trying to use SSL on CherryPy 3.8.0. My basic example implements a ping response on SSL.

I set the configuration for SSL in this way:

# start Web Service with some configuration
global_conf = {
       "global":    { "server.environment": "production",
                      "engine.autoreload.on": True,
                      "engine.autoreload.frequency": 5,
                      "server.socket_host": "0.0.0.0",
                      "server.socket_port": 443,
                      "cherrypy.server.ssl_module": "builtin",
                      "cherrypy.server.ssl_certificate": "cert.pem",
                      "cherrypy.server.ssl_private_key": "privkey.pem",
                      "environment": "production",
                      "log.error_file": "site.log"}
}
cherrypy.config.update(global_conf)
conf = {
    "/": {
        "request.dispatch": cherrypy.dispatch.MethodDispatcher(),
        "tools.encode.debug": True,
    }
}

However, when I invoke the Web Service I get errors. Httpie, cURL and openssl logs follow.

Httpie log:

> http GET https://<host>:443/ping
http: error: SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:600)

cURL log:

> curl -v https://<host>:443/ping
* Connected to <host> (<host>) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

OpenSSL log:

> openssl s_client -host <host> -port 443
CONNECTED(00000003)
140197694400160:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Simple example:

import cherrypy

class RootServer:
    @cherrypy.expose
    def index(self, **keywords):
        return "it works!"

if __name__ == '__main__':
    server_config={
        'server.socket_host': '0.0.0.0',
        'server.socket_port':443,
        'server.ssl_module':'builtin',
        'server.ssl_certificate':'cert.pem',
        'server.ssl_private_key':'privkey.pem'
    }

    cherrypy.config.update(server_config)
    cherrypy.quickstart(RootServer())

works.

Possible issues:

Invalid config

Remove the cherrypy. prefix from config:

"server.ssl_module": "builtin",
"server.ssl_certificate": "cert.pem",
"server.ssl_private_key": "privkey.pem",

I have exactly the same exception, when I have cherrypy-prefixed configuration. When I fix it, everything works fine.

Python doesn't have SSL support

Try to install pyOpenSSL and replace server.ssl_module to pyopenssl.

Invalid cert

Are you sure your cert is proper?

Look at http://docs.cherrypy.org/en/latest/deploy.html#ssl-support

As far as I know there were some issues with SSL in different versions of CherryPy. One of the issues: Adding support for client certificate verification in SSLAdapter (patch included)
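A pre-deployment check for the misconfiguration discussed above, as an added example that is not part of the original question or answers and is not CherryPy code: it flags SSL keys carrying the stray `cherrypy.` prefix and a port 443 listener with no certificate or key under the expected names. The function names and `QUESTION_CONF` are hypothetical, and the check assumes, as the answer reports, that prefixed keys do not enable TLS.

```python
PREFIX = "cherrypy."  # the stray prefix the answer says to remove
REQUIRED = ("server.ssl_certificate", "server.ssl_private_key")


def iter_entries(conf):
    """Yield (section, key, value) for {"global": {...}} or flat {"key": value} dicts."""
    for name, value in conf.items():
        if isinstance(value, dict):
            for key, inner in value.items():
                yield name, key, inner
        else:
            yield "global", name, value


def lint_ssl_config(conf):
    """Return human-readable findings; an empty list means the SSL keys look right."""
    findings, effective = [], {}
    for section, key, value in iter_entries(conf):
        if key.startswith(PREFIX):
            findings.append(f"[{section}] {key!r} should be {key[len(PREFIX):]!r}")
        else:
            effective[key] = value
    missing = [k for k in REQUIRED if not effective.get(k)]
    if missing and effective.get("server.socket_port") == 443:
        findings.append("port 443 is set but TLS is not configured; missing: " + ", ".join(missing))
    return findings


def strip_prefix(conf):
    """Return a copy of conf with the 'cherrypy.' prefix removed from every key."""
    fixed = {}
    for name, value in conf.items():
        if isinstance(value, dict):
            fixed[name] = strip_prefix(value)
        else:
            fixed[name[len(PREFIX):] if name.startswith(PREFIX) else name] = value
    return fixed


# Constructed sample: the SSL-related part of the question's global config.
QUESTION_CONF = {"global": {
    "server.socket_port": 443,
    "cherrypy.server.ssl_module": "builtin",
    "cherrypy.server.ssl_certificate": "cert.pem",
    "cherrypy.server.ssl_private_key": "privkey.pem",
}}

if __name__ == "__main__":
    print("\n".join(lint_ssl_config(QUESTION_CONF)))
```

Running the lint in CI or at service start-up catches the case before clients see `unknown protocol` from a listener on 443 that never enabled TLS.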
