python - 花:设置 SSL 'verify_mode'
问题描述
使用: Flower 0.9.5(安装 Tornado 6.0.4)、Celery 4.4.6、Python 3.7
开始Flower
时
celery -A myProj flower
一切都按预期工作。花服务于http://localhost:5555
。
开始Flower
时
celery -A myProj flower --keyfile=/home/me/cert/key.pem --certfile=/home/me/cert/cert.pem
它服务于https://localhost:5555
但在尝试访问它时,Chrome 状态ERR_CONNECTION_RESET
和Flower
日志
2020-09-16 17:19:37,421 - tornado.general - ERROR - Uncaught exception, closing connection.
Traceback (most recent call last):
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py", line 711, in _handle_events
self._handle_read()
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py", line 1498, in _handle_read
self._do_ssl_handshake()
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py", line 1458, in _do_ssl_handshake
if not self._verify_cert(self.socket.getpeercert()):
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py", line 1481, in _verify_cert
assert verify_mode in (ssl.CERT_NONE, ssl.CERT_REQUIRED, ssl.CERT_OPTIONAL)
UnboundLocalError: local variable 'verify_mode' referenced before assignment
2020-09-16 17:19:37,423 - asyncio - ERROR - Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
File "/home/me/python/lib/python3.7/asyncio/events.py", line 88, in _run
self._context.run(self._callback, *self._args)
File "/home/me/.env/lib/python3.7/site-packages/tornado/platform/asyncio.py", line 139, in _handle_events
handler_func(fileobj, events)
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py", line 711, in _handle_events
self._handle_read()
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py", line 1498, in _handle_read
self._do_ssl_handshake()
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py", line 1458, in _do_ssl_handshake
if not self._verify_cert(self.socket.getpeercert()):
File "/home/me/.env/lib/python/site-packages/tornado/iostream.py", line 1481, in _verify_cert
assert verify_mode in (ssl.CERT_NONE, ssl.CERT_REQUIRED, ssl.CERT_OPTIONAL)
UnboundLocalError: local variable 'verify_mode' referenced before assignment
注意:运行 Flower 时一切正常
celery -B brokerURL flower --keyfile=/home/me/cert/key.pem --certfile=/home/me/cert/cert.pem
里面有/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py
:
def _verify_cert(self, peercert: Any) -> bool:
"""Returns ``True`` if peercert is valid according to the configured
validation mode and hostname.
The ssl handshake already tested the certificate for a valid
CA signature; the only thing that remains is to check
the hostname.
"""
if isinstance(self._ssl_options, dict):
verify_mode = self._ssl_options.get("cert_reqs", ssl.CERT_NONE)
elif isinstance(self._ssl_options, ssl.SSLContext):
verify_mode = self._ssl_options.verify_mode
assert verify_mode in (ssl.CERT_NONE, ssl.CERT_REQUIRED, ssl.CERT_OPTIONAL) # LINE 1481
if verify_mode == ssl.CERT_NONE or self._server_hostname is None:
return True
cert = self.socket.getpeercert()
if cert is None and verify_mode == ssl.CERT_REQUIRED:
gen_log.warning("No SSL certificate given")
return False
try:
ssl.match_hostname(peercert, self._server_hostname)
except ssl.CertificateError as e:
gen_log.warning("Invalid SSL certificate: %s" % e)
return False
else:
return True
我怎样verify_mode = ssl.CERT_REQUIRED
才能tornado
通过Flower
?在里面手动设置它_verify_cert
确实有效。
解决方案
推荐阅读
- php - 在 API 请求中上传文件时 POST 请求中的 nginx 502 错误
- python - XML根据Python中的子元素值删除子元素
- c# - this.MyEvent += new MyDel(WelcomeUser); (这行的具体含义是什么)
- javascript - 我的 ms-auto 没有在 div 内对齐内容?
- php - 从具有重定向脚本的网站获取 img src
- java - 如何将整数数组传递给 Informix 存储过程
- azure - Azure DevOps server 2020 1.1 创建代理池时池类型不可用
- jpa - EclipseLink JPA 转换器子类不起作用
- git - 无法使用 git 向 Github 进行身份验证
- python - 在所有 6 帧中查找 ORF