2015-12-01 53 views
1

Unable to use SSL on CherryPy 3.8.0

I am trying to use SSL on CherryPy 3.8.0. My basic example serves a ping response over SSL.

I set up the SSL configuration like this:

# start Web Service with some configuration
global_conf = {
    "global": {
        "server.environment": "production",
        "engine.autoreload.on": True,
        "engine.autoreload.frequency": 5,
        "server.socket_host": "0.0.0.0",
        "server.socket_port": 443,
        "cherrypy.server.ssl_module": "builtin",
        "cherrypy.server.ssl_certificate": "cert.pem",
        "cherrypy.server.ssl_private_key": "privkey.pem",
        "environment": "production",
        "log.error_file": "site.log",
    }
}
cherrypy.config.update(global_conf)
conf = {
    "/": {
        "request.dispatch": cherrypy.dispatch.MethodDispatcher(),
        "tools.encode.debug": True,
    }
}

However, when I call the web service I get errors. The HTTPie, cURL and openssl logs follow.

HTTPie log:

> http GET https://<host>:443/ping 
http: error: SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:600) 

cURL log:

> curl -v https://<host>:443/ping 
* Connected to <host> (<host>) port 443 (#0) 
* successfully set certificate verify locations: 
* CAfile: none 
    CApath: /etc/ssl/certs 
* SSLv3, TLS handshake, Client hello (1): 
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
* Closing connection 0 
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 

OpenSSL log:

> openssl s_client -host <host> -port 443 
CONNECTED(00000003) 
140197694400160:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795: 
--- 
no peer certificate available 
--- 
No client certificate CA names sent 
--- 
SSL handshake has read 7 bytes and written 295 bytes 
--- 
New, (NONE), Cipher is (NONE) 
Secure Renegotiation IS NOT supported 
Compression: NONE 
Expansion: NONE 
--- 

Answers

2

A simple example:

import cherrypy

class RootServer:
    @cherrypy.expose
    def index(self, **keywords):
        return "it works!"

if __name__ == '__main__':
    server_config = {
        'server.socket_host': '0.0.0.0',
        'server.socket_port': 443,
        'server.ssl_module': 'builtin',
        'server.ssl_certificate': 'cert.pem',
        'server.ssl_private_key': 'privkey.pem'
    }

    cherrypy.config.update(server_config)
    cherrypy.quickstart(RootServer())

works.

Possible problems:

Invalid configuration

Remove the cherrypy. prefix from the configuration:

"server.ssl_module": "builtin", 
"server.ssl_certificate": "cert.pem", 
"server.ssl_private_key": "privkey.pem", 

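I got exactly the same exception when I had the cherrypy prefix in the configuration. When I fixed it, everything worked.

Python has no SSL support

Try installing pyOpenSSL and replacing server.ssl_module with pyopenssl

Invalid certificate

Are you sure your certificate is correct?

Take a look at http://docs.cherrypy.org/en/latest/deploy.html#ssl-support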

+0

It seems to be working now, thanks. The problem was indeed the invalid configuration. I got it from this page: http://docs.cherrypy.org/en/latest/deploy.html#ssl-support – gc5
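
A pre-start check for the misconfiguration identified above, added here as an example (it is not code from the question, the answer or CherryPy): it flags TLS settings whose key does not sit directly in the server. namespace. The function names and sample dicts are constructed for illustration, and the check assumes both a certificate and a private key must be set for the listener to use TLS.

```python
"""Added example: lint a CherryPy-style config for TLS keys in the wrong namespace."""

# Setting names taken from the question and answer above.
SSL_SETTINGS = {"ssl_module", "ssl_certificate", "ssl_private_key"}
REQUIRED = {"ssl_certificate", "ssl_private_key"}  # assumption: both are needed for TLS


def flatten(conf):
    """Yield (key, value) pairs from a flat dict or from its nested sections."""
    for key, value in conf.items():
        if isinstance(value, dict):
            yield from value.items()
        else:
            yield key, value


def lint_tls_config(conf):
    """Return a list of findings; an empty list means the TLS keys are well formed."""
    findings, accepted = [], set()
    for key, _value in flatten(conf):
        namespace, _, setting = key.rpartition(".")
        if setting not in SSL_SETTINGS:
            continue
        if namespace == "server":
            accepted.add(setting)
        else:
            findings.append(f"{key}: unexpected prefix, use server.{setting}")
    for setting in sorted(REQUIRED - accepted):
        findings.append(f"server.{setting} is not set")
    return findings


# Constructed sample inputs mirroring the two configurations on this page.
QUESTION_CONF = {"global": {
    "server.socket_port": 443,
    "cherrypy.server.ssl_module": "builtin",
    "cherrypy.server.ssl_certificate": "cert.pem",
    "cherrypy.server.ssl_private_key": "privkey.pem",
}}
ANSWER_CONF = {
    "server.socket_port": 443,
    "server.ssl_module": "builtin",
    "server.ssl_certificate": "cert.pem",
    "server.ssl_private_key": "privkey.pem",
}

if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(name, lint_tls_config(conf) or "ok")
```

Running such a check before the server starts surfaces the wrong prefix at deploy time instead of as an "unknown protocol" handshake error on the client.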