Bug: SSL certificate feature breaks default no-tls setups when using reload or multiple workers

[bpereto]

Description

the TLS certificate feature introduced in #2554 breaks existing installations without TLS enabled, nor TLS certificates provided.

• I did not change my setup, nor added additional arguments for TLS.

litestar run --reload

  File ".venv/lib/python3.11/site-packages/uvicorn/config.py", line 433, in load
    self.ssl: Optional[ssl.SSLContext] = create_ssl_context(
                                         ^^^^^^^^^^^^^^^^^^^
  File ".venv/lib/python3.11/site-packages/uvicorn/config.py", line 121, in create_ssl_context
    ctx.load_cert_chain(certfile, keyfile, get_password)
FileNotFoundError: [Errno 2] No such file or directory

I think it's a bug in uvicorn. the current implementation of is_ssl returns True if ssl_certificate and ssl_keyfile are None:
https://github.com/encode/uvicorn/blob/07c2b36455b5475ff7edfa54068ff2c0581a2be1/uvicorn/config.py#L374

bool(self.ssl_keyfile or self.ssl_certfile) is True, if ssl_keyfile or ssl_certificate is both None.
But the equivalent in python bool(None or None) yields False?

It appears that both cert parameters of is_ssl are type string, and not NoneType, wich results in True, even if no cert params are provided.

This should be filed against uvicorn, but I think this feature was not tested enough against existing setups?

URL to code causing the issue

No response

MCVE

# Your MCVE code here

Steps to reproduce

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Screenshots

"![SCREENSHOT_DESCRIPTION](SCREENSHOT_LINK.png)"

Logs

No response

Litestar Version

2.3.0

Platform

• Linux
• Mac
• Windows
• Other (Please specify in the description above)

---

Note

While we are open for sponsoring on GitHub Sponsors and
OpenCollective, we also utilize Polar.sh to engage in pledge-based sponsorship.

Check out all issues funded or available for funding on our Polar.sh Litestar dashboard

• If you would like to see an issue prioritized, make a pledge towards it!
• We receive the pledge once the issue is completed & verified
• This, along with engagement in the community, helps us know which features are a priority to our users.

[bpereto]

ok, it's only happening when using --reload

[JacobCoffee]

Would #2612 fix this for you locally?

[toddjames]

I'm seeing the same thing only when using --reload when using a sample Hello World app.

from litestar import Litestar, get

@get("/")
async def index() -> str:
    return "Hello, world!"

app = Litestar([index])

The error:

(venv) todd@dev:~/apipoc$ litestar run --reload --debug
Using Litestar app from app:app
Starting server process ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
┌──────────────────────────────┬──────────────────────┐
│ Litestar version             │ 2.3.0                │
│ Debug mode                   │ Enabled              │
│ Python Debugger on exception │ Disabled             │
│ CORS                         │ Disabled             │
│ CSRF                         │ Disabled             │
│ OpenAPI                      │ Enabled path=/schema │
│ Compression                  │ Disabled             │
└──────────────────────────────┴──────────────────────┘
INFO:     Will watch for changes in these directories: ['/home/todd/apipoc']
INFO:     Uvicorn running on https://127.0.0.1:8000 (Press CTRL+C to quit)
INFO:     Started reloader process [66972] using WatchFiles
Process SpawnProcess-1:
Traceback (most recent call last):
  File "/usr/lib/python3.11/multiprocessing/process.py", line 314, in _bootstrap
    self.run()
  File "/usr/lib/python3.11/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
  File "/home/todd/apipoc/venv/lib/python3.11/site-packages/uvicorn/_subprocess.py", line 76, in subprocess_started
    target(sockets=sockets)
  File "/home/todd/apipoc/venv/lib/python3.11/site-packages/uvicorn/server.py", line 61, in run
    return asyncio.run(self.serve(sockets=sockets))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/asyncio/runners.py", line 190, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/asyncio/runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "uvloop/loop.pyx", line 1517, in uvloop.loop.Loop.run_until_complete
  File "/home/todd/apipoc/venv/lib/python3.11/site-packages/uvicorn/server.py", line 68, in serve
    config.load()
  File "/home/todd/apipoc/venv/lib/python3.11/site-packages/uvicorn/config.py", line 430, in load
    self.ssl: Optional[ssl.SSLContext] = create_ssl_context(
                                         ^^^^^^^^^^^^^^^^^^^
  File "/home/todd/apipoc/venv/lib/python3.11/site-packages/uvicorn/config.py", line 121, in create_ssl_context
    ctx.load_cert_chain(certfile, keyfile, get_password)
FileNotFoundError: [Errno 2] No such file or directory

This is with litestar[full] installed in the venv. Relevant versions, in case they're helpful:

(venv) todd@dev:~/apipoc$ python3 --version
Python 3.11.2
(venv) todd@dev:~/apipoc$ pip list
Package                            Version
---------------------------------- -----------
advanced_alchemy                   0.5.3
alembic                            1.12.1
annotated-types                    0.6.0
anyio                              4.0.0
asgiref                            3.7.2
async-timeout                      4.0.3
attrs                              23.1.0
black                              23.10.1
Brotli                             1.1.0
certifi                            2023.7.22
cffi                               1.16.0
click                              8.1.7
colorama                           0.4.6
cryptography                       41.0.5
Deprecated                         1.2.14
dnspython                          2.4.2
docstring-parser                   0.15
ecdsa                              0.18.0
EditorConfig                       0.12.3
email-validator                    2.1.0.post1
Faker                              19.13.0
fast-query-parsers                 1.0.3
greenlet                           3.0.1
h11                                0.14.0
hiredis                            2.2.3
httpcore                           1.0.1
httptools                          0.6.1
httpx                              0.25.1
idna                               3.4
importlib-metadata                 6.8.0
inflection                         0.5.1
Jinja2                             3.1.2
jsbeautifier                       1.14.9
litestar                           2.3.0
Mako                               1.2.4
markdown-it-py                     3.0.0
MarkupSafe                         2.1.3
mdurl                              0.1.2
minijinja                          1.0.8
msgspec                            0.18.4
multidict                          6.0.4
mypy-extensions                    1.0.0
opentelemetry-api                  1.20.0
opentelemetry-instrumentation      0.41b0
opentelemetry-instrumentation-asgi 0.41b0
opentelemetry-semantic-conventions 0.41b0
opentelemetry-util-http            0.41b0
packaging                          23.2
pathspec                           0.11.2
piccolo                            1.1.0
picologging                        0.9.3
pip                                23.0.1
platformdirs                       3.11.0
polyfactory                        2.11.0
prometheus-client                  0.18.0
pyasn1                             0.5.0
pycparser                          2.21
pydantic                           2.4.2
pydantic_core                      2.10.1
pydantic-extra-types               2.1.0
Pygments                           2.16.1
python-dateutil                    2.8.2
python-dotenv                      1.0.0
python-jose                        3.3.0
PyYAML                             6.0.1
redis                              5.0.1
rich                               13.6.0
rich-click                         1.7.1
rsa                                4.9
setuptools                         66.1.1
six                                1.16.0
sniffio                            1.3.0
SQLAlchemy                         2.0.23
structlog                          23.2.0
targ                               0.3.8
typing_extensions                  4.8.0
uvicorn                            0.23.2
uvloop                             0.19.0
watchfiles                         0.21.0
websockets                         12.0
wrapt                              1.15.0
zipp                               3.17.0

[toddjames]

@JacobCoffee Confirmed that this fixes it for me.

[JacobCoffee]

https://paste.pythondiscord.com/Y2JA
same here just now, ill do a patch release. We can also open something for our upstream friends if this is something that could help.

[provinzkraut]

Closed by #2616