self-signed ssl: wrap_socket: __init__() got an unexpected keyword argument 'server_hostname'


len bas

Feb 11, 2015, 6:06:01 PM
to python-...@googlegroups.com
I am attempting to run a tornado https server with self signed certificates (with localhost as the domain name) I generated using openssl. I verified these with openssl. My python version is 2.7.8 (october build), my tornado version is 4.1.0. Here is my code for webserver, the handler implements a simple get request.

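from tornado import httpserver, ioloop, web
from tornado.options import options

import handlers  # poster's own module providing GetHandler

# UPLOAD_PATH is defined elsewhere in the poster's project.

def main():
    options.parse_command_line()

    settings = {
        'cookie_secret': '****',
        'upload_path': UPLOAD_PATH,
        'cookie_morsels': {
            'httponly': True,
            'max-age': 24 * 3600  # 1 day
        },
    }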
    ssl_options = {}
    ssl_options['certfile'] = '/etc/ssl/my_cert.crt'
    ssl_options['keyfile'] = '/etc/ssl/my_cert.key'

    app = web.Application([
        (r"/get", handlers.GetHandler)],
        **settings)
    http_server = httpserver.HTTPServer(app, ssl_options=ssl_options, max_buffer_size=4 * 1024 ** 3)
    http_server.listen(options.port)
    ioloop.IOLoop.instance().start()

The traceback I am getting is the following: 
   Traceback (most recent call last):
      File "/home/.../local/lib/python2.7/site-packages/tornado/ioloop.py", line 840, in start
        handler_func(fd_obj, events)
      File "/home/.../local/lib/python2.7/site-packages/tornado/stack_context.py", line 275, in null_wrapper
        return fn(*args, **kwargs)
      File "/home/.../local/lib/python2.7/site-packages/tornado/netutil.py", line 223, in accept_handler
        callback(connection, address)
      File "/home/.../local/lib/python2.7/site-packages/tornado/tcpserver.py", line 225, in _handle_connection
        do_handshake_on_connect=False)
      File "/home/.../local/lib/python2.7/site-packages/tornado/netutil.py", line 468, in ssl_wrap_socket
        return context.wrap_socket(socket, **kwargs)
      File "/usr/lib/python2.7/ssl.py", line 350, in wrap_socket
        _context=self)
    TypeError: __init__() got an unexpected keyword argument 'server_hostname'

I read here that this error is due to an ssl deprecation in python2.7, but this can't be the only way to implement ssl in tornado python2.7?

Thanks in advance for any advice.

Ben Darnell

Feb 11, 2015, 10:32:51 PM
to Tornado Mailing List
To reach line 468 of netutil.py, ssl.SSLContext must exist, but it wasn't there in Python 2.7.8. Does your python installation have any other modifications?

This looks like a bug in Tornado 4.1 whenever ssl.SSLContext is present but ssl.HAS_SNI is false. It's probably better to move forward to Python 2.7.9 and an up-to-date version of openssl than to figure out why you have problems with this old configuration.

-Ben


len bas

Feb 12, 2015, 1:12:14 PM
to python-...@googlegroups.com, b...@bendarnell.com
I think this may have to do with similar problems gevent and urllib3 are having. A recent backport to python 2.7 added the SSL context object for security reasons:

See below, this is on our development machines:

Python 2.7.8 (default, Oct 18 2014, 12:50:18)
[GCC 4.9.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from ssl import SSLContext
>>> SSLContext()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __new__() takes at least 2 arguments (1 given)

While for some reason our app machines don't have the most recent version of 2.7.8 (Oct 18 2014):
Python 2.7.8 (default, Aug 23 2014, 21:00:50)
[GCC 4.9.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from ssl import SSLContext
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: cannot import name SSLContext

Ben Darnell

Feb 12, 2015, 4:53:55 PM
to len bas, Tornado Mailing List
On Thu, Feb 12, 2015 at 1:12 PM, len bas <lennart...@gmail.com> wrote:
> I think this may have to do with similar problems gevent and urllib3 are having. A recent backport to python 2.7 added the SSL context object for security reasons:
>
> See below, this is on our development machines:
>
> Python 2.7.8 (default, Oct 18 2014, 12:50:18)
> [GCC 4.9.1] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> from ssl import SSLContext
> >>> SSLContext()
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> TypeError: __new__() takes at least 2 arguments (1 given)
>
> While for some reason our app machines don't have the most recent version of 2.7.8 (Oct 18 2014)

There is only one version of 2.7.8, and it was released in August. SSLContext was added in 2.7.9, which was released in December. Tornado is fully compatible with 2.7.9; the problem is that you seem to have some non-standard in-between version. Where did you get this build of Python?

-Ben
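
Added example, not part of the thread and not Tornado's code: a check for the interpreter state diagnosed above (ssl.SSLContext present while ssl.HAS_SNI is false, or SSLContext exposed by a build that reports a version older than 2.7.9). It runs on Python 2.7 and 3; the function names and the state names "legacy", "partial" and "full" are this example's own.

```python
import ssl
import sys


def ssl_capabilities(ssl_module=ssl):
    """Collect the ssl module attributes the thread's diagnosis turns on."""
    return {
        "has_sslcontext": hasattr(ssl_module, "SSLContext"),
        "has_sni": bool(getattr(ssl_module, "HAS_SNI", False)),
        "openssl_version": getattr(ssl_module, "OPENSSL_VERSION", "unknown"),
    }


def classify(caps):
    """Map capabilities to one of this example's own state names."""
    if not caps["has_sslcontext"]:
        return "legacy"   # stock 2.7.8 and earlier: no ssl.SSLContext
    if not caps["has_sni"]:
        return "partial"  # SSLContext without SNI: combination flagged in the thread
    return "full"         # 2.7.9-style ssl module


def check_build(ssl_module=ssl, version_info=None):
    """Return (state, warnings) for an interpreter's ssl module."""
    version = tuple((version_info or sys.version_info)[:3])
    caps = ssl_capabilities(ssl_module)
    state = classify(caps)
    warnings = []
    if state == "partial":
        warnings.append("ssl.SSLContext is present but ssl.HAS_SNI is false; "
                        "the thread reports a Tornado 4.1 bug for this case")
    if caps["has_sslcontext"] and version < (2, 7, 9):
        warnings.append("Python %d.%d.%d exposes ssl.SSLContext, which upstream "
                        "added in 2.7.9: non-standard build" % version)
    return state, warnings


if __name__ == "__main__":
    state, warnings = check_build()
    print("ssl state: %s (%s)" % (state, ssl_capabilities()["openssl_version"]))
    for w in warnings:
        print("WARNING: " + w)
```

Running it with the interpreter that serves the application, before configuring `ssl_options`, shows whether the host is on a stock release or an in-between build like the one in this thread.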

len bas

Feb 12, 2015, 5:14:08 PM
to python-...@googlegroups.com, lennart...@gmail.com, b...@bendarnell.com
I seem to have just been able to pull the October 18th version on Debian using `aptitude upgrade python2.7`. Will try 2.7.9; hopefully that fixes the issue.

Unpacking python2.7 (2.7.8-11) over (2.7.8-6) ...
Preparing to unpack .../libpython2.7_2.7.8-11_amd64.deb ...
...
Setting up python2.7 (2.7.8-11) ...
Setting up libpython2.7:amd64 (2.7.8-11) ...

Thanks,