Skip to content

Gracefully handle ssl errors when client cert is required but not given #728

bdarnell opened this Issue Apr 14, 2013 · 0 comments

1 participant

tornadoweb member

From the mailing list:
I'm working on a web service that requires a client-side certificate.
I have noticed when a client without a certificate connects, the
server-side crashes and the client-side hangs until the server is
terminated. On the server-side, I see this error:

[E 111026 01:00:24 ioloop:296] Exception in I/O handler for fd 6
Traceback (most recent call last):
File "/home/berto/.virtualenvs/tornado/lib/python2.7/site-packages/tornado/",
line 287, in start
File "/home/berto/.virtualenvs/tornado/lib/python2.7/site-packages/tornado/",
line 159, in wrapped
callback(args, *kwargs)
File "/home/berto/.virtualenvs/tornado/lib/python2.7/site-packages/tornado/",
line 293, in handle_events
File "/usr/lib/python2.7/", line 344, in wrap_socket
File "/usr/lib/python2.7/", line 119, in __init

SSLError: _ssl.c:327: No root certificates specified for
verification of other-side certificates.

Should tornado close the connection when the required certificate is
not provided?

@bdarnell bdarnell added the tcpserver label Jul 16, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.