I have this main code, which is actually an HTTP webserver. It is working fine but terminates due to SSL errors (please scroll down).

from http.server import HTTPServer, BaseHTTPRequestHandler
from socketserver import ThreadingMixIn

USE_HTTPS = True  # not shown in the original snippet; assumed to be set elsewhere


class PostHandler(BaseHTTPRequestHandler):
    # Not shown in the original snippet; the request methods (do_POST, ...) go here.
    pass


class ThreadingSimpleServer(ThreadingMixIn, HTTPServer):
    # One thread per connection, so one failing client does not block the others.
    pass


def run():
    port = 80
    if USE_HTTPS:
        port = 443
    server = ThreadingSimpleServer(('0.0.0.0', port), PostHandler)
    if USE_HTTPS:
        import ssl
        # Wrap the listening socket; every accepted connection is then TLS.
        # ssl.wrap_socket is deprecated in newer Pythons in favour of ssl.SSLContext.
        server.socket = ssl.wrap_socket(server.socket, keyfile='./ssl/key.pem', certfile='./ssl/public.pem', server_side=True)
    server.serve_forever()

Error

>   File "/usr/lib/python3.6/socketserver.py", line 654, in process_request_thread
>     self.finish_request(request, client_address)
>   File "/usr/lib/python3.6/socketserver.py", line 364, in finish_request
>     self.RequestHandlerClass(request, client_address, self)
>   File "/usr/lib/python3.6/socketserver.py", line 724, in __init__
>     self.handle()
>   File "/usr/lib/python3.6/http/server.py", line 418, in handle
>     self.handle_one_request()
>   File "/usr/lib/python3.6/http/server.py", line 386, in handle_one_request
>     self.raw_requestline = self.rfile.readline(65537)
>   File "/usr/lib/python3.6/socket.py", line 586, in readinto
>     return self._sock.recv_into(b)
>   File "/usr/lib/python3.6/ssl.py", line 1012, in recv_into
>     return self.read(nbytes, buffer)
>   File "/usr/lib/python3.6/ssl.py", line 874, in read
>     return self._sslobj.read(len, buffer)
>   File "/usr/lib/python3.6/ssl.py", line 631, in read
>     v = self._sslobj.read(len, buffer)
> ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:2309)

I need two things:

  • Either to ignore any SSL certificate errors (example: `sslopt={"cert_reqs": ssl.CERT_NONE}`), but it does not work when passed through run_forever.
  • Or to catch this SSL error by implementing run_forever, whose sample code I'm not able to find.

When doing an HTTPS multithreaded server implementation, I find the Python documentation lacking compared to other languages. Working examples are difficult to find.

user5858

1 Answer


> Either to ignore any SSL certificate errors (example: `sslopt={"cert_reqs": ssl.CERT_NONE}`)

This is a TLS alert sent by the client, which does not accept the server's certificate. There is nothing you can do on the server side to prevent this error except providing a certificate which the client will accept. This is unrelated to multithreading or Python; it is solely about the certificate not being trusted by the client.

> Catch this SSL error by implementing run_forever ...

According to the stack trace the error is thrown inside handle(), which you can override to catch the error. See here or here for examples on how to do this.

Steffen Ullrich
  • I've added `def handle(self): try: BaseHTTPServer.BaseHTTPRequestHandler.handle(self) except socket.error: pass`. I added this method within `class PostHandler(BaseHTTPRequestHandler):`. I hope that would work. – user5858 Aug 01 '20 at 16:04
  • @user5858: Based on the stacktrace this is no `socket.error` but `ssl.SSLError`. – Steffen Ullrich Aug 01 '20 at 16:29
  • Where do I add this `sslopt={"cert_reqs": ssl.CERT_NONE}`? – user5858 Aug 01 '20 at 17:06
  • @user5858: As I tried to explain: the problem is due to the client not trusting the server certificate. Adding this option would not solve this problem, and thus it is irrelevant how it could be added. In fact, this option has a different meaning on the server: it is about requesting client certificates. And it very likely already has this value, since you don't request any client certificates. – Steffen Ullrich Aug 01 '20 at 17:11
  • I get it. What is wrong with my certificate (in my code)? It shows this problem: https://www.sslshopper.com/ssl-checker.html#hostname=cap1.transactionfailed.com – user5858 Aug 01 '20 at 17:28
  • @user5858: The server is not reachable from the test client. Trying with curl it seems to be up sometimes but only on IPv4 (although the domain resolves to both IPv4 and IPv6). Maybe because your server crashes on unexpected TLS handshakes. Check your server for details. – Steffen Ullrich Aug 01 '20 at 17:42