OpenSSL错误-RestClient宝石-Python WSGI
[英]OpenSSL error - RestClient Gem - Python WSGI
问题描述
Issue : 
问题 :
I'm struggling on a SSL issue. 我正在努力解决SSL问题。 I'm trying to connect to a Web server for a Python application but each time I execute a request, I have this error : 我正在尝试为Python应用程序连接到Web服务器,但是每次执行请求时,都会出现此错误:
RestClient::SSLCertificateNotVerified: SSL_connect returned=1 errno=0 state=error: certificate verify failed:
Details : 细节 :
- I use the RestClient gem (v1.8.0) and am trying a simple GET request 我使用RestClient gem(v1.8.0) ,正在尝试一个简单的GET请求
The python code to launch the server is as so :
启动服务器的python代码如下: http_server = WSGIServer(('', int(port)), app, log=nylas_logger, handler_class=NylasWSGIHandler,
http_server = WSGIServer(('',int(port)),app,log = nylas_logger,handler_class = NylasWSGIHandler,
keyfile='/vagrant/server.key', certfile='/vagrant/server.crt')keyfile ='/ vagrant / server.key',certfile ='/ vagrant / server.crt') - I use the same certificates (wildcard certificate COMODO) on another subdomain on another server (Nginx Passenger) and I can successfully launch my requests 我在另一台服务器(Nginx Passenger)的另一个子域上使用相同的证书(通配符证书COMODO),并且可以成功启动我的请求
What I tried : 我试过了
- I tried reinstalling Openssl using Brew 我尝试使用Brew重新安装Openssl
- I successfully launched my request passing the verify_ssl: false flag to the restclient gem (but I want to find a solution that does not use this workaround) 我成功启动了我的请求,将verify_ssl:false标志传递给restclient gem(但我想找到一种不使用此替代方法的解决方案)
- I tried reinstalling Ruby (I'm using RVM) with the --disable-bynary flag 我尝试使用--disable-bynary标志重新安装Ruby(我正在使用RVM)
- I launched
rvm osx-ssl-certs update all我启动了rvm osx-ssl-certs update all
The most surprising is that I actually can perform requests on another type of server using the same certificates so it seems the issue may be with the Python web server. 最令人惊讶的是,我实际上可以使用相同的证书在另一种类型的服务器上执行请求,因此看来问题可能出在Python Web服务器上。
1 个解决方案
解决方案1
0 已采纳 2016-08-19 12:51:52
It turns out the gevent.pywsgi server did not handle the SSL certificate correctly. 事实证明,gevent.pywsgi服务器未正确处理SSL证书。 I installed Nginx and did a reverse proxy on the localhost Python gevent.pywsgi server and did the SSL handling on the Nginx part and it worked instantly. 我安装了Nginx,并在本地Python gevent.pywsgi服务器上进行了反向代理,并在Nginx部分进行了SSL处理,它立即起作用。
For information, my nginx conf : 有关信息,请参阅我的nginx conf:
server{
listen 80;
return 301 https://$host$request_uri;
}
server{
listen 443;
server_name subdomain.domain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/cert.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proro $scheme;
proxy_pass http://localhost:5555;
proxy_read_timeout 90;
proxy_pass_request_headers on;
proxy_redirect http://localhost:5555 https://subdomain.domain.com;
}
}
And I restricted the python server to listen only to localhost requests. 而且我将python服务器限制为仅侦听localhost请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.