Reputation: 4219
how to add security context to flask?
I was trying to add a security context to a simple flask application
import flask
import ssl
app = flask.Flask(__name__)
@app.route('/', methods=['GET'])
def home():
return "<h1>THIS IS HOME</h1>"
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
ctx.load_cert_chain('crt-key-crs/download-system.crt', 'crt-key-crs/download-system.key')
if __name__ == '__main__':
app.run(debug=True, use_reloader=False, ssl_context=ctx)
and when running it after typing the pass phrase the following error occurred:
Traceback (most recent call last):
File "flask-test.py", line 16, in <module>
app.run(debug=True, use_reloader=False, ssl_context=ctx)
File "/usr/lib/python3/dist-packages/flask/app.py", line 772, in run
run_simple(host, port, self, **options)
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 710, in run_simple
inner()
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 692, in inner
passthrough_errors, ssl_context).serve_forever()
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 486, in make_server
passthrough_errors, ssl_context)
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 425, in __init__
self.socket = tsafe.Connection(ssl_context, self.socket)
File "/usr/lib/python3/dist-packages/OpenSSL/tsafe.py", line 11, in __init__
self._ssl_conn = apply(_ssl.Connection, args)
NameError: name 'apply' is not defined
Then I found in the docs that apply(function, *args, **kwargs) was replaced by function(*args, **kwargs) so I went to the file /usr/lib/python3/dist-packages/OpenSSL/tsafe.py and manually modified that line and when running again the following error came up:
Traceback (most recent call last):
File "flask-test.py", line 16, in <module>
app.run(debug=True, use_reloader=False, ssl_context=ctx)
File "/usr/lib/python3/dist-packages/flask/app.py", line 772, in run
run_simple(host, port, self, **options)
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 710, in run_simple
inner()
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 692, in inner
passthrough_errors, ssl_context).serve_forever()
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 486, in make_server
passthrough_errors, ssl_context)
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 425, in __init__
self.socket = tsafe.Connection(ssl_context, self.socket)
File "/usr/lib/python3/dist-packages/OpenSSL/tsafe.py", line 11, in __init__
self._ssl_conn = _ssl.Connection(*args)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 804, in __init__
raise TypeError("context must be a Context instance")
TypeError: context must be a Context instance
After this and knowing that apply was completely removed from python3.x I run my application with python2.7.9 to check if I did something wrong when modifying that line and apparently I didn't because the same error happened again. So what do I need to do or change in my code in order to use a security context with my flask application? Thanks in advance.
Upvotes: 4
Views: 2157
Answers (1)
Reputation: 4219
After searching and testing a lot I found that the code is alright, the problem was the version of the Werkzeug server. I upgraded with sudo pip3 install Werkzeug --upgrade and now it's working fine.
Upvotes: 3
Related Questions
- Securing a flask app (python)
- How to Support Flask-SSE Access Control
- Https with Http in Flask Python
- Flask authentication with Flask-Security
- Trying to implement flask-security
- SSL Protocol error with flask app
- Flask ssl. Always writes connection is unsecure
- Difference between ssl_context options in Python Flask
- Two-way ssl authentication for flask
- Flask-Security can't initialize properly