Skip to content

Gracefully handle ssl errors when client cert is required but not given #728

Open
bdarnell opened this Issue Apr 14, 2013 · 0 comments

1 participant

@bdarnell
tornadoweb member

From the mailing list:
I'm working on a web service that requires a client-side certificate.
I have noticed when a client without a certificate connects, the
server-side crashes and the client-side hangs until the server is
terminated. On the server-side, I see this error:

[E 111026 01:00:24 ioloop:296] Exception in I/O handler for fd 6
Traceback (most recent call last):
File "/home/berto/.virtualenvs/tornado/lib/python2.7/site-packages/tornado/ioloop.py",
line 287, in start
self.handlersfd
File "/home/berto/.virtualenvs/tornado/lib/python2.7/site-packages/tornado/stack_context.py",
line 159, in wrapped
callback(args, *kwargs)
File "/home/berto/.virtualenvs/tornado/lib/python2.7/site-packages/tornado/httpserver.py",
line 293, in handle_events
**self.ssl_options)
File "/usr/lib/python2.7/ssl.py", line 344, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 119, in __init

ciphers)
SSLError: _ssl.c:327: No root certificates specified for
verification of other-side certificates.

Should tornado close the connection when the required certificate is
not provided?

@bdarnell bdarnell added the tcpserver label Jul 16, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.