I wrote a Flask application that uses gevent and socketio.
I have a script, which I give below;
it actually runs SSL at the address I specified in the configuration file and functions without any problems:

    from gevent import monkey
    monkey.patch_all()

    import configparser
    import ssl

    from app import create_app, socketio

    app = create_app()

    config = configparser.ConfigParser()
    config.read("config.ini")

    ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
    ctx.load_cert_chain('/path_to_the_cert','path_to_the_key')

    if __name__ == '__main__':
        socketio.run(app, config['server']['host'], int(config['server']['port']), ssl_context=ctx)

I also have a client bot that tries to connect to the server using the configuration file, something like https://config['server']['host']:int(config['server']['port']), and it even connects without any problems, but the server gives the following errors:

    Traceback (most recent call last):
      File "/home/.linuxbrew/Cellar/python/3.6.5/lib/python3.6/site-packages/gevent/server.py", line 190, in wrap_socket_and_handle
        ssl_socket = self.wrap_socket(client_socket, **self.ssl_args)
      File "/home/.linuxbrew/Cellar/python/3.6.5/lib/python3.6/site-packages/gevent/_ssl3.py", line 65, in wrap_socket
        _session=session)
      File "/home/.linuxbrew/Cellar/python/3.6.5/lib/python3.6/site-packages/gevent/_ssl3.py", line 238, in __init__
        raise x
      File "/home/.linuxbrew/Cellar/python/3.6.5/lib/python3.6/site-packages/gevent/_ssl3.py", line 234, in __init__
        self.do_handshake()
      File "/home/.linuxbrew/Cellar/python/3.6.5/lib/python3.6/site-packages/gevent/_ssl3.py", line 561, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:833)

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/home/.linuxbrew/Cellar/python/3.6.5/lib/python3.6/site-packages/gevent/greenlet.py", line 537, in run
        result = self._run(*self.args, **self.kwargs)
      File "/home/.linuxbrew/Cellar/python/3.6.5/lib/python3.6/site-packages/gevent/baseserver.py", line 26, in _handle_and_close_when_done
        return handle(*args_tuple)
      File "/home/.linuxbrew/Cellar/python/3.6.5/lib/python3.6/site-packages/gevent/server.py", line 193, in wrap_socket_and_handle
        ssl_socket.close()
    UnboundLocalError: local variable 'ssl_socket' referenced before assignment
    Tue Apr 24 16:57:43 2018 <Greenlet at 0x7f0069b295a0: _handle_and_close_when_done(<bound method StreamServer.wrap_socket_and_handle , <bound method StreamServer.do_close of <WSGIServer, (<gevent._socket3.socket [closed] object, fd=-1, )> failed with UnboundLocalError

Tell me, please, how to solve this problem with connecting the client to the web server? Maybe I somehow incorrectly start the web server on SSL? Or should my client be somehow authorized to access the server?
Are there any other options through the python script?

  • Not on the topic of the question: in my opinion it is more correct to let all connections through nginx, and to set up SSL already in it - andreymal
  • On the subject of the question: if you use certificates from Let's Encrypt, then you probably forgot about the chain. And if you use self-signed certificates, then they should not work at all - andreymal
  • @andreymal regarding the first: I configured SSL on port 8000 via nginx, since I need to provide access to certain directories through 8000, but my application should work through port 5000. Will it work if I do not code it in the script, but just specify in the default configuration that port 5000 should also be on SSL? Regarding the second: I use official certificates, and, it seems, the chain in my code is defined and described above ... - Nikolai
  • About the chain, I mean the second part of the certificate: Let's Encrypt divides the certificate into two files, cert.pem and chain.pem, and here you need to remember to include the second file too. Well, or you can use the fullchain.pem file directly (but I don't know how it is done in Python, and therefore I can't write a full answer, just food for thought) - andreymal
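
The chain point from the comments, as an added example that is not part of the original thread or anyone's posted code: a pre-flight check that counts the certificates in the file passed to `load_cert_chain()` and refuses a leaf-only file. The helper names and the sample PEM blocks are assumptions made for illustration; it assumes a CA-issued certificate delivered as separate leaf and intermediate files, as in the Let's Encrypt layout mentioned above.

```python
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def split_pem_bundle(pem_text):
    """Return the DER bytes of every certificate in a PEM bundle, in file order."""
    return [ssl.PEM_cert_to_DER_cert(block) for block in PEM_BLOCK.findall(pem_text)]

def check_certfile(pem_text):
    """Classify a certfile by certificate count (signatures are not verified)."""
    ders = split_pem_bundle(pem_text)
    if not ders:
        return "no-certificate"
    if len(set(ders)) != len(ders):
        return "duplicate-certificate"
    if len(ders) == 1:
        # Only the leaf is sent in the handshake; a client that does not
        # already hold the intermediate cannot build a path to a trusted root.
        return "leaf-only"
    return "leaf-plus-chain"

def build_server_context(certfile, keyfile):
    """Hypothetical helper: refuse to start TLS with a leaf-only certfile."""
    with open(certfile, encoding="ascii") as fh:
        status = check_certfile(fh.read())
    if status != "leaf-plus-chain":
        raise ValueError(f"{certfile}: {status}; use fullchain.pem or append chain.pem")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)  # leaf first, then intermediates
    return ctx

# Constructed sample input: placeholder bytes wrapped as PEM, not real certificates.
LEAF = ssl.DER_cert_to_PEM_cert(b"0\x03constructed-leaf")
INTERMEDIATE = ssl.DER_cert_to_PEM_cert(b"0\x03constructed-intermediate")
CERT_PEM = LEAF                      # shaped like cert.pem
FULLCHAIN_PEM = LEAF + INTERMEDIATE  # shaped like fullchain.pem

if __name__ == "__main__":
    print("cert.pem      ->", check_certfile(CERT_PEM))
    print("fullchain.pem ->", check_certfile(FULLCHAIN_PEM))
```

The resulting context can be passed as `ssl_context` in the same way as `ctx` in the question's script.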
