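Posts by Sou*_*ruh

Unable to get SSL client certificate in Tornado

I need to set up client-server authenticated communication in Tornado. I generated a root CA certificate and then used it to sign the server and client certificates. When I verify these certificates with openssl, everything looks fine (see below). But when I use the same keys and certificates in Tornado, I get "tlsv1 alert unknown ca".

Tornado server: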

import ssl

import tornado.httpserver
import tornado.ioloop

# Require a client certificate and verify it against the root CA
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.verify_mode = ssl.CERT_REQUIRED
context.load_cert_chain("/home/soustruh/cert/server.cert.pem",
                        "/home/soustruh/cert/server.key.pem")
context.load_verify_locations("/home/soustruh/cert/rootCA.pem")

# `application` is the tornado.web.Application defined elsewhere
server = tornado.httpserver.HTTPServer(application, ssl_options=context)
server.listen(6090)
tornado.ioloop.IOLoop.instance().start()

Tornado client:

import tornado.httpclient

# Fragment from inside a coroutine method (hence `yield` and `self`)
url = "https://127.0.0.1:6090/"
request = tornado.httpclient.HTTPRequest(url=url, method="GET",
        client_key="/home/soustruh/cert/client.key.pem",
        client_cert="/home/soustruh/cert/client.cert.pem")
client = tornado.httpclient.AsyncHTTPClient()
param = yield client.fetch(request, self.handle_request)

Client error:

WARNING:tornado.general:SSL Error on 10 ('127.0.0.1', 6090): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
Error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)

Server error:

WARNING:tornado.general:SSL Error on 9 ('127.0.0.1', 47104): [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:598)
ERROR:tornado.general:Uncaught exception …

python ssl openssl tornado python-3.x
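
Added example, not part of the original post: a reproduction, using Python's `ssl` module (which Tornado wraps) rather than Tornado itself, of the two log lines above and of the same handshake once the client also loads the root CA. It assumes the `openssl` CLI is on PATH; the throwaway PKI, the `*.test` names, the temp-directory file names and the helper names are constructed for this example.

```python
import ssl, subprocess, tempfile
from pathlib import Path

def openssl(d, *args):  # assumes the openssl CLI is on PATH
    subprocess.run(["openssl", *args], cwd=d, check=True, capture_output=True)

def make_pki(d):
    """Constructed throwaway PKI: a root CA that signs one server and one client cert."""
    openssl(d, "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
            "-subj", "/CN=Constructed Root CA", "-keyout", "ca.key", "-out", "rootCA.pem")
    for name in ("server", "client"):
        Path(d, "san.ext").write_text(f"subjectAltName=DNS:{name}.test\n")
        openssl(d, "req", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={name}.test",
                "-keyout", f"{name}.key.pem", "-out", f"{name}.csr")
        openssl(d, "x509", "-req", "-in", f"{name}.csr", "-CA", "rootCA.pem",
                "-CAkey", "ca.key", "-CAcreateserial", "-days", "1",
                "-extfile", "san.ext", "-out", f"{name}.cert.pem")

def handshake(d, client_trusts_ca):
    """Mutual-TLS handshake over memory BIOs; returns (client_result, server_result)."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv.verify_mode = ssl.CERT_REQUIRED              # server demands a client certificate
    srv.load_cert_chain(f"{d}/server.cert.pem", f"{d}/server.key.pem")
    srv.load_verify_locations(f"{d}/rootCA.pem")     # trust anchor for the client's cert
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)    # verifies server cert and hostname
    cli.load_cert_chain(f"{d}/client.cert.pem", f"{d}/client.key.pem")
    if client_trusts_ca:
        cli.load_verify_locations(f"{d}/rootCA.pem") # trust anchor for the server's cert
    to_srv, to_cli = ssl.MemoryBIO(), ssl.MemoryBIO()
    peers = {"client": cli.wrap_bio(to_cli, to_srv, server_hostname="server.test"),
             "server": srv.wrap_bio(to_srv, to_cli, server_side=True)}
    result = {}
    for _ in range(10):                              # pump flights until both sides settle
        for side, conn in peers.items():
            if side in result:
                continue
            try:
                conn.do_handshake()
                result[side] = "ok"
            except ssl.SSLWantReadError:             # waiting for the peer's next flight
                pass
            except ssl.SSLError as exc:              # verification failure or fatal alert
                result[side] = exc.reason
    return result.get("client"), result.get("server")

def demo():  # outcome without, then with, the root CA loaded on the client
    with tempfile.TemporaryDirectory() as d:
        make_pki(d)
        return handshake(d, False), handshake(d, True)
```

The first tuple from `demo()` shows the client rejecting the server's certificate and the server receiving the resulting alert, even though the server's own configuration is complete. In Tornado's `HTTPRequest` the client-side CA file is passed as `ca_certs`.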
