I have been using uwsgi (2.0.15) and gevent to run a Flask-SocketIO application asynchronously. However, when I try to build uwsgi with SSL support, I get the following error -
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
I am using a self-signed key and certificate file that I built with OpenSSL (1.0.2.g) using the following command -
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
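I have checked uwsgi's official documentation on SSL support, and they suggest using a self-signed key. However, my question is: does uwsgi really have SSL support for self-signed keys made with OpenSSL?
Here is the command I use to build uwsgi with SSL -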
uwsgi --https :5006,cert.pem,key.pem --gevent 1000 --http-websockets --master --wsgi-file server.py --callable app
Here is the full traceback of my error:
Traceback (most recent call last):
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/engineio/server.py", line 405, in _trigger_event
return self.handlers[event](*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 520, in _handle_eio_message
self._handle_event(sid, pkt.namespace, pkt.id, pkt.data)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 456, in _handle_event
self._handle_event_internal(self, sid, data, namespace, id)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 459, in _handle_event_internal
r = server._trigger_event(data[0], namespace, sid, *data[1:])
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 488, in _trigger_event
return self.handlers[namespace][event](*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/flask_socketio/__init__.py", line 243, in _handler
*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/flask_socketio/__init__.py", line 626, in _handle_event
ret = handler(*args)
File "server.py", line 84, in chat_message
response = request.getresponse()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/apiai/requests/request.py", line 128, in getresponse
self._connect()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/apiai/requests/request.py", line 82, in _connect
self._connection.connect()
File "/usr/lib/python3.5/http/client.py", line 1260, in connect
server_hostname=server_hostname)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 60, in wrap_socket
_session=session)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 232, in __init__
raise x
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 228, in __init__
self.do_handshake()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 545, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
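So, if uwsgi really supports self-signed keys, what is the cause of this error? Or is there a problem with gevent?
Since I don't have any registered domain name of my own, I cannot get a CA-signed certificate at the moment.
Answer 0: (score: 1)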
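According to the stack trace, this is not a problem with the self-signed certificate you are using on your server. There is a function in your application called chat_message(), which is an event handler. In this function you are sending an HTTP request using the requests library, right?
The server you are contacting in this event handler is also https://, and the requests library cannot verify the certificate it presents. If that service also uses a self-signed certificate, you need to configure requests to bypass verification, as follows: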
requests.get(url, verify=False)
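The trust decision behind this error, as an added example that is not part of the original answer or of any project's code: a loopback TLS server presents a self-signed certificate, and three client configurations are compared (default trust store, a context that trusts only the expected certificate, and verification disabled). The certificate names, helper functions and dictionary keys are assumptions made for the demo; it shells out to the `openssl` CLI (1.1.1 or later for `-addext`) to create throwaway certificates.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_cert(directory, name):
    """Constructed test data: a throwaway self-signed cert valid for 'localhost'."""
    cert, key = (os.path.join(directory, name + ext) for ext in (".pem", ".key"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", cert, "-days", "1", "-subj", "/CN=" + name,
                    "-addext", "subjectAltName=DNS:localhost"],
                   check=True, capture_output=True)
    return cert, key

def serve_once(cert, key):
    """Accept one TLS connection on a random loopback port; return the port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    listener = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = listener.accept()
        try:
            ctx.wrap_socket(conn, server_side=True).close()
        except OSError:  # includes ssl.SSLError: the client refused our certificate
            pass
        finally:
            listener.close()
    threading.Thread(target=run, daemon=True).start()
    return listener.getsockname()[1]

def handshake(client_ctx, cert, key):
    """Connect to a server presenting (cert, key); report the client's verdict."""
    port = serve_once(cert, key)
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with client_ctx.wrap_socket(raw, server_hostname="localhost"):
                return "connected"
    except ssl.SSLCertVerificationError:
        return "rejected"

def demo():
    pinned = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    unverified = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    unverified.check_hostname = False
    unverified.verify_mode = ssl.CERT_NONE  # the trust level of verify=False
    with tempfile.TemporaryDirectory() as d:
        service, other = make_cert(d, "service"), make_cert(d, "other")
        pinned.load_verify_locations(cafile=service[0])  # trust this one cert only
        return {"default/service": handshake(ssl.create_default_context(), *service),
                "pinned/service": handshake(pinned, *service),
                "pinned/other": handshake(pinned, *other),
                "unverified/other": handshake(unverified, *other)}
```

With requests, the pinned case corresponds to passing the certificate path, `requests.get(url, verify="service.pem")`; with `http.client`, which appears in the traceback, it is `HTTPSConnection(host, context=pinned)`.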