Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL error on tornado server

I'm trying to make a HTTPS web server. Here is my code...

import tornado.escape
import tornado.ioloop
import tornado.web
import tornado.httpserver
import settings
import os
import ssl

class Application(tornado.web.Application):
    def __init__(self):
        handlers = [
            (r'/login', LoginPage),
        ]
        args = {
            'template_path': settings.TEMPLATE_PATH,
            'static_path': settings.STATIC_PATH,
            'debug': True,
            'cookie_secret': settings.COOKIE_SECRET,
            'login_url': settings.LOGIN_URL,
        }

        tornado.web.Application.__init__(self, handlers, **args)

class LoginPage(tornado.web.RequestHandler):
    def get(self):
        self.write("SSL. Yay!")


if __name__ == '__main__':
    applicaton = Application()
    ssl_options = {'certfile': os.path.join(settings.SSL_PATH, 'certificate.crt'),
                   'keyfile': os.path.join(settings.SSL_PATH, 'privateKey.key'),
    }
    http_server = tornado.httpserver.HTTPServer(applicaton, ssl_options=ssl_options)
    http_server.listen(8888)
    tornado.ioloop.IOLoop.instance().start()

I generated my certificate.crt and privateKey.key using the following command...

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

When I run the server and go to localhost:8888/login I get the following error...

/usr/bin/python2 /home/user/dev/sslserver/main.py
WARNING:root:SSL Error on 9 ('127.0.0.1', 55303): [Errno 1] _ssl.c:509: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
WARNING:root:SSL Error on 10 ('127.0.0.1', 55304): [Errno 1] _ssl.c:509: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
WARNING:root:SSL Error on 9 ('127.0.0.1', 55305): [Errno 1] _ssl.c:509: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

If I remove the ssl_options=ssl_options the webpage displays fine. Am I missing an argument for ssl_options? I'm new to certificates and ssl so any advice on how to get this working would be greatly appreciated. Thanks!

like image 827
b10hazard Avatar asked Feb 13 '23 18:02

b10hazard


1 Answers

You need to explicitly go to https://localhost:8888 (not just localhost:8888). Without the https:// prefix, the browser is sending unencrypted http; that's what the "http request" error message from openssl means. You can't serve http and https on the same port, but you can start up a second HTTPServer without ssl_options on a different port.

like image 196
Ben Darnell Avatar answered Feb 15 '23 09:02

Ben Darnell