gevent-websocket and SSL
637 views
Skip to first unread message
David Heaps
Oct 11, 2014, 3:00:36 PM10/11/14
to gev...@googlegroups.com
Hi,
I'm building a small web-socket server instance for Pytomation (home automation software), using gevent-websocket, at https://github.com/king-dopey/pytomation/blob/master/pytomation/interfaces/websocket_server.py.
I want to encrypt the websocket connections with SSL, but I'm having difficulty getting it to work on the upgraded websocket. Just adding the certfile and keyfile as arguments while creating the server instance works well, for the HTTPS file requests. However, when the webclient requests the wss conection, the server closes the connection and prints the following error to the console (IP blanked-out):
I did a quick search and found some old posts (2-3 years) that say SSL isn't implemented yet. Is that still the case?
I'm building a small web-socket server instance for Pytomation (home automation software), using gevent-websocket, at https://github.com/king-dopey/pytomation/blob/master/pytomation/interfaces/websocket_server.py.
I want to encrypt the websocket connections with SSL, but I'm having difficulty getting it to work on the upgraded websocket. Just adding the certfile and keyfile as arguments while creating the server instance works well, for the HTTPS file requests. However, when the webclient requests the wss conection, the server closes the connection and prints the following error to the console (IP blanked-out):
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/gevent/greenlet.py", line 327, in run
result = self._run(*self.args, **self.kwargs)
File "/usr/local/lib/python2.7/dist-packages/gevent/server.py", line 102, in wrap_socket_and_handle
ssl_socket = self.wrap_socket(client_socket, **self.ssl_args)
File "/usr/local/lib/python2.7/dist-packages/gevent/ssl.py", line 383, in wrap_socket
ciphers=ciphers)
File "/usr/local/lib/python2.7/dist-packages/gevent/ssl.py", line 94, in __init__
self.do_handshake()
File "/usr/local/lib/python2.7/dist-packages/gevent/ssl.py", line 305, in do_handshake
return self._sslobj.do_handshake()
SSLError: [Errno 8] _ssl.c:510: EOF occurred in violation of protocol
<Greenlet at 0x7f59f2eec870: <bound method WebSocketServer.wrap_socket_and_handle of <WebSocketServer at 0x7f59f2ee1610 fileno=9 address=x.x.x.x:8090>>(<socket at 0x7f59f0167650 fileno=12 sock=x.x.x, ('x.x.x.x', 36326))> failed with SSLError
I did a quick search and found some old posts (2-3 years) that say SSL isn't implemented yet. Is that still the case?
David Heaps
Oct 11, 2014, 6:47:19 PM10/11/14
to gev...@googlegroups.com
Did some more research and posted the issue to: https://bitbucket.org/Jeffrey/gevent-websocket/issue/31/secure-wss-websocket-support
The issue is very intermittent and I'm not quite tracking what's happening. My additional research showed the following (posted to the issue):
The websocket connection seems to always fail if the web-page didn't come from the same server (it's ignoring the Access-Control-Allow-Origin header, I'm thinking possibly browser bug here).
Sometimes, I can get the secured websocket connection working, if I grab the files from the server, and either not use the pre_start_hook at all or use the custom pre_start_hook and let the authentication code run (details below). I also noticed that it works more often if the authentication is not included in the URL (had to add authentication in URL for normal connections, when web-page is not on server, but some browsers seem to be handling secure connection differently).
This is where it gets really interesting. First, it only intermittently works; other times, it will randomly fail with one of the two errors below. Oddly, if I keep my pre_start_hook method and just disable it by having it pass true, every time... the websocket connection always fails. It fails with the first error if the request came from Firefox and the second error if the request came for Chrome.
I stepped through the code; when the pre_start_hook is enabled, that pre_start_hook returns true everytime for these websocket connections, so I'm not sure what's happening or really what's differnet about it. If it's enabled it passes True, if it's disabled it passes True... but it fails when it's disabled and only sometimes works when it's enabled.
First Error (usually with firefox request):
Same error as in first post
Second Error (usually with chrome request:
The issue is very intermittent and I'm not quite tracking what's happening. My additional research showed the following (posted to the issue):
The websocket connection seems to always fail if the web-page didn't come from the same server (it's ignoring the Access-Control-Allow-Origin header, I'm thinking possibly browser bug here).
Sometimes, I can get the secured websocket connection working, if I grab the files from the server, and either not use the pre_start_hook at all or use the custom pre_start_hook and let the authentication code run (details below). I also noticed that it works more often if the authentication is not included in the URL (had to add authentication in URL for normal connections, when web-page is not on server, but some browsers seem to be handling secure connection differently).
This is where it gets really interesting. First, it only intermittently works; other times, it will randomly fail with one of the two errors below. Oddly, if I keep my pre_start_hook method and just disable it by having it pass true, every time... the websocket connection always fails. It fails with the first error if the request came from Firefox and the second error if the request came for Chrome.
I stepped through the code; when the pre_start_hook is enabled, that pre_start_hook returns true everytime for these websocket connections, so I'm not sure what's happening or really what's differnet about it. If it's enabled it passes True, if it's disabled it passes True... but it fails when it's disabled and only sometimes works when it's enabled.
First Error (usually with firefox request):
Same error as in first post
Second Error (usually with chrome request:
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/gevent/pywsgi.py", line 508, in handle_one_response
self.run_application()
File "/usr/local/lib/python2.7/dist-packages/geventwebsocket/handler.py", line 67, in run_application
return super(WebSocketHandler, self).run_application()
File "/usr/local/lib/python2.7/dist-packages/gevent/pywsgi.py", line 494, in run_application
self.result = self.application(self.environ, self.start_response)
File "/usr/local/lib/python2.7/dist-packages/geventwebsocket/resource.py", line 74, in __call__
return current_app(environ, start_response)
TypeError: __init__() takes exactly 2 arguments (3 given)
self.run_application()
File "/usr/local/lib/python2.7/dist-packages/geventwebsocket/handler.py", line 67, in run_application
return super(WebSocketHandler, self).run_application()
File "/usr/local/lib/python2.7/dist-packages/gevent/pywsgi.py", line 494, in run_application
self.result = self.application(self.environ, self.start_response)
File "/usr/local/lib/python2.7/dist-packages/geventwebsocket/resource.py", line 74, in __call__
return current_app(environ, start_response)
TypeError: __init__() takes exactly 2 arguments (3 given)
Reply all
Reply to author
Forward
0 new messages