b10hazard

Reputation: 7809

SSL error on tornado server

I'm trying to make a HTTPS web server. Here is my code...

import tornado.escape
import tornado.ioloop
import tornado.web
import tornado.httpserver
import settings
import os
import ssl

class Application(tornado.web.Application):
    def __init__(self):
        handlers = [
            (r'/login', LoginPage),
        ]
        args = {
            'template_path': settings.TEMPLATE_PATH,
            'static_path': settings.STATIC_PATH,
            'debug': True,
            'cookie_secret': settings.COOKIE_SECRET,
            'login_url': settings.LOGIN_URL,
        }

        tornado.web.Application.__init__(self, handlers, **args)

class LoginPage(tornado.web.RequestHandler):
    def get(self):
        self.write("SSL. Yay!")


if __name__ == '__main__':
    application = Application()
    # Certificate and private key that the TLS listener presents to clients.
    ssl_options = {'certfile': os.path.join(settings.SSL_PATH, 'certificate.crt'),
                   'keyfile': os.path.join(settings.SSL_PATH, 'privateKey.key'),
    }
    http_server = tornado.httpserver.HTTPServer(application, ssl_options=ssl_options)
    http_server.listen(8888)
    tornado.ioloop.IOLoop.instance().start()

I generated my certificate.crt and privateKey.key using the following command...

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

When I run the server and go to localhost:8888/login I get the following error...

/usr/bin/python2 /home/user/dev/sslserver/main.py
WARNING:root:SSL Error on 9 ('127.0.0.1', 55303): [Errno 1] _ssl.c:509: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
WARNING:root:SSL Error on 10 ('127.0.0.1', 55304): [Errno 1] _ssl.c:509: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
WARNING:root:SSL Error on 9 ('127.0.0.1', 55305): [Errno 1] _ssl.c:509: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

If I remove the ssl_options=ssl_options the webpage displays fine. Am I missing an argument for ssl_options? I'm new to certificates and ssl so any advice on how to get this working would be greatly appreciated. Thanks!

Upvotes: 4

Views: 7787

Answers (2)

Ben Darnell

Reputation: 22134

You need to explicitly go to https://localhost:8888 (not just localhost:8888). Without the https:// prefix, the browser is sending unencrypted http; that's what the "http request" error message from openssl means. You can't serve http and https on the same port, but you can start up a second HTTPServer without ssl_options on a different port.

Upvotes: 8
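The condition behind the "http request" message described in the answer above, as an added example that is not part of the original question or answers: it feeds a plaintext HTTP request to an in-memory server-side TLS endpoint and counts the matching warnings per client in log lines of the format shown in the question. The function names `handshake_reason` and `plaintext_http_clients` are hypothetical, the third sample log line is constructed, and the example assumes a current Python `ssl` module, which reports this failure with the reason `HTTP_REQUEST`.

```python
import re
import ssl

# First two lines are copied from the question's log; the last is constructed
# to show a handshake failure that is not a plaintext HTTP request.
SAMPLE_LOG = """\
WARNING:root:SSL Error on 9 ('127.0.0.1', 55303): [Errno 1] _ssl.c:509: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
WARNING:root:SSL Error on 10 ('127.0.0.1', 55304): [Errno 1] _ssl.c:509: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
WARNING:root:SSL Error on 11 ('127.0.0.1', 55306): [Errno 1] _ssl.c:509: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
"""

LOG_RE = re.compile(
    r"SSL Error on \d+ \('(?P<ip>[^']+)', (?P<port>\d+)\): .*"
    r"error:[0-9A-Fa-f]+:SSL routines:[^:]*:(?P<reason>.+)$"
)


def handshake_reason(first_bytes):
    """Feed bytes to an in-memory server-side TLS endpoint and return the
    OpenSSL failure reason, or None if the handshake just needs more data."""
    # No certificate is loaded: the record-layer check fails before one is used.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_side=True)
    incoming.write(first_bytes)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        return None  # looks like the start of a TLS record; more bytes needed
    except ssl.SSLError as exc:
        return exc.reason
    return None


def plaintext_http_clients(log_text):
    """Count 'http request' handshake failures per client IP."""
    counts = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group("reason").strip() == "http request":
            counts[m.group("ip")] = counts.get(m.group("ip"), 0) + 1
    return counts


if __name__ == "__main__":
    print(handshake_reason(b"GET /login HTTP/1.1\r\nHost: localhost:8888\r\n\r\n"))
    print(plaintext_http_clients(SAMPLE_LOG))
```

A steady count from one address usually means a client or health check is configured with `http://` against the TLS port.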

Martin Konecny

Reputation: 59601

You should not use SSL to a localhost hostname connection. SSL + HTTPS use a certificate with your domain name, and use this to provide authentication.

Since you are connecting to localhost, your hostname (localhost) will not match the hostname on the certificate and you will receive a certificate error.

There are some ways to hack around this, but I would just use non-SSL (regular HTTP) on your local machine, and then when you push to your server (with your proper domain name), you can enable SSL.

Upvotes: 1
