ssl - HTTPS下的 Tornado 服务器错误

Question

Ubuntu 14.04 和 12.04(全部测试)，64 位 pip 安装 Tornado (版本 4.1)

curl -X POST -v -k https://remote_ip:8080

错误如下: ```

ERROR:tornado.application:Exception in callback (<socket._socketobject object at 0x7fb670a4ad00>, <function null_wrapper at 0x7fb670a05aa0>)
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/tornado/ioloop.py", line 840, in start
    handler_func(fd_obj, events)
  File "/usr/local/lib/python2.7/dist-packages/tornado/stack_context.py", line 275, in null_wrapper
    return fn(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/tornado/netutil.py", line 223, in accept_handler
    callback(connection, address)
  File "/usr/local/lib/python2.7/dist-packages/tornado/tcpserver.py", line 225, in _handle_connection
    do_handshake_on_connect=False)
  File "/usr/local/lib/python2.7/dist-packages/tornado/netutil.py", line 470, in ssl_wrap_socket
    return ssl.wrap_socket(socket, **dict(context, **kwargs))
  File "/usr/lib/python2.7/ssl.py", line 489, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 243, in __init__
    ciphers)
SSLError: _ssl.c:295: Both the key & certificate files must be specified

我的服务器代码如下所示: ```

import tornado
import tornado.web
import tornado.httpserver
import tornado.ioloop

class Docker(tornado.web.RequestHandler):
    def post(self, *args, **kwargs):
        self.write('1\n')

application = tornado.web.Application(
    handlers=[
        (r'/', Docker),
    ],
    debug=True,
)

if __name__ == '__main__':
    ssl_options={'certfile': 'certificate.crt',
                 'keyfile': 'privateKey.key'},
    srv = tornado.httpserver.HTTPServer(application, xheaders=True, ssl_options=ssl_options)
    srv.bind(8080)
    srv.start()
    tornado.ioloop.IOLoop.instance().start()

请注意，我使用 openssl 生成证书和 key 文件:

openssl genrsa -out privkey.pem 2048

openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

特别是，当我在 ssl_options 字典中添加一个 key 时，cert_reqs=ssl.CERT_NONE，出现了更奇怪的错误:

文件/usr/local/lib/python2.7/dist-packages/tornado/netutil.py: 返回 ssl.wrap_socket(socket, **dict(context, **kwargs)) 字典更新序列元素 #0 的长度为 1 2 是必需的

我真的很想使我的 tornado 应用程序在 HTTPS 下正常工作，你能帮忙吗？

Answer 1

在 ssl_options 的定义之后有一个额外的逗号。这使得 ssl_options 成为一个包含字典的元组，而不是字典(参见 Python tuple trailing comma syntax rule )。删除它，事情应该会起作用。