Fails to load cert chain when using signed certificates #15
Comments
Thanks, I've not seen this before, could you try this patch? diff --git a/hypercorn/config.py b/hypercorn/config.py
index 1ebf116..61f8bce 100644
--- a/hypercorn/config.py
+++ b/hypercorn/config.py
@@ -155,13 +155,13 @@ class Config:
except NotImplementedError:
pass # NPN is not necessarily available
- context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
- if self.ca_certs is not None:
- context.load_verify_locations(self.ca_certs)
if self.verify_mode is not None:
context.verify_mode = self.verify_mode
if self.verify_flags is not None:
context.verify_flags = self.verify_flags
+ if self.ca_certs is not None:
+ context.load_verify_locations(self.ca_certs)
+ context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
return context |
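Review bot: Moving `context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)` below `load_verify_locations` only changes the call order, and the reported `ssl.SSLError: [SSL] PEM lib` is raised inside `load_cert_chain` itself, which reads `certfile` and `keyfile` without consulting the verify locations, so the reordering is unlikely to change the outcome. I would keep the original order and instead catch `ssl.SSLError` around `load_cert_chain` and re-raise with the `certfile` and `keyfile` paths in the message, so that a malformed or mis-ordered PEM file can be identified from the error.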
I will try the patch, sorry, been busy learning Azure.

I tried your patch; it didn't work, unfortunately. Tried a couple of other things as well, like loading the cafile in the creation of the SSL context; that didn't work either. There might be something wrong with my certificates. I will try with another server, or maybe try with pure Python ssl and see if I can get that to work.

Hmm, this is weird. Please update with what you find.

OK, sorry I took so long. In the end there is nothing wrong with hypercorn's code; I have it working fine.

Do the hypercorn docs on SSL setup need improving, or was the complication outside of hypercorn?
The complication is from Python SSL, you need to certificate they have to be in the correct order, and the root certificate has to be in the CA file as well. The Python ssl docs are not great either; it seems to suggest you should use the verify_mode to

Here is my hypercorn Python config file I use:

import certifi
bind = ['0.0.0.0:443']
ca_certs = certifi.where()
certfile = 'cert_prod.pem'
keyfile = 'key_prod.pem'

GoDaddy also gave me a corrupted key file, so I needed to debug that as well. So go my adventures in Python SSL.
Hi, I believe there is a bug at
https://github.com/pgjones/hypercorn/blob/master/hypercorn/config.py#L158
when I use Quart with a signed certificate, as follows
app.run(ca_certs='ca.crt', certfile='cert.crt', kefile='key.pem')
I get the following
hypercorn/config.py", line 158, in create_ssl_context
context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3824)
I believe line https://github.com/pgjones/hypercorn/blob/master/hypercorn/config.py#L160
should be called before
https://github.com/pgjones/hypercorn/blob/master/hypercorn/config.py#L158
Anyway, I have reverted to unsigned certs for now and will probably just use gunicorn, but I thought I would let you know about this bug, and thank you for your Quart project, which I am really loving.