SSL With Windows Web2Py
329 views
Skip to first unread message
Mark
Jun 17, 2008, 11:11:21 PM6/17/08
to web2py Web Framework
Has anyone gotten the SLL switches on web2py to work? In a previous
link[1], Massimo implied that the secrets would be revealed by typing
"web2py.py -h". I did that, and it looks like all you need to do is
supply a valid SSL certificate and key with the -c and -k options.
When I do this, it gets pretty far, but eventually emits:
WARNING:root:OpenSSL libraries available. SSL is OFF
And, sure enough, https doesn't connect. I tried
http://localhost:8000/welcome/default/index, https://localhost:8000/welcome/default/index,
and https://localhost/welcome/default/index. The first worked
(although not with SSL), and the other two failed.
Examining the source, reveals that "elif not wsgiserver.SSL:" is
failing at line 325 of gluon/main.py because the "from OpenSSL import
SSL" fails at line 62 of gluon/wsgiserver.py.
I've spent a good bit of time trying to find how to add OpenSSL to
Python, but the closest I can find is pyOpenSSL which I can't get to
work. Help!?
I'm certain I'm doing something stupid. Anyone have any ideas?
-Mark
[1] http://groups.google.com/group/web2py/browse_thread/thread/2a63bb6697128267/74533081fad0be2f?lnk=gst&q=ssl#74533081fad0be2f
link[1], Massimo implied that the secrets would be revealed by typing
"web2py.py -h". I did that, and it looks like all you need to do is
supply a valid SSL certificate and key with the -c and -k options.
When I do this, it gets pretty far, but eventually emits:
WARNING:root:OpenSSL libraries available. SSL is OFF
And, sure enough, https doesn't connect. I tried
http://localhost:8000/welcome/default/index, https://localhost:8000/welcome/default/index,
and https://localhost/welcome/default/index. The first worked
(although not with SSL), and the other two failed.
Examining the source, reveals that "elif not wsgiserver.SSL:" is
failing at line 325 of gluon/main.py because the "from OpenSSL import
SSL" fails at line 62 of gluon/wsgiserver.py.
I've spent a good bit of time trying to find how to add OpenSSL to
Python, but the closest I can find is pyOpenSSL which I can't get to
work. Help!?
I'm certain I'm doing something stupid. Anyone have any ideas?
-Mark
[1] http://groups.google.com/group/web2py/browse_thread/thread/2a63bb6697128267/74533081fad0be2f?lnk=gst&q=ssl#74533081fad0be2f
Mark
Jun 18, 2008, 12:01:29 AM6/18/08
to web2py Web Framework
FWIW, I'm using Web2Py version Version 1.35 (2008-06-02 12:10:35)
And, sys.version Python 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC
v.1310 32 bit (Intel)] on win32
When I go to the C:\Python25\python.exe command line and try to
"import OpenSSL", it fails, but it pops up a dialog that says "This
application has failed to start because libeay32.dll was not found. Re-
installing the application may fix this problem." That seems like a
clue. ;o)
And, sys.version Python 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC
v.1310 32 bit (Intel)] on win32
When I go to the C:\Python25\python.exe command line and try to
"import OpenSSL", it fails, but it pops up a dialog that says "This
application has failed to start because libeay32.dll was not found. Re-
installing the application may fix this problem." That seems like a
clue. ;o)
Massimo Di Pierro
Jun 18, 2008, 12:38:54 AM6/18/08
to web...@googlegroups.com
It may be a problem with building the windows binary. Could you try
installing pyOpenSSL and running web2py from source?
installing pyOpenSSL and running web2py from source?
Massimo
Massimo Di Pierro
Jun 18, 2008, 1:21:41 AM6/18/08
to web...@googlegroups.com
There are two issues:
1) the error message has a typo: "OpenSSL unavailable" and not
"OpenSSL available"
2) I packaged the windows binary without OpenSSL
I will repackage and repost 1.36 asap.
1) the error message has a typo: "OpenSSL unavailable" and not
"OpenSSL available"
2) I packaged the windows binary without OpenSSL
I will repackage and repost 1.36 asap.
Running from source if OpenSSL is installed works fine.
Sorry about this.
Massimo
Mark
Jun 18, 2008, 9:01:54 AM6/18/08
to web2py Web Framework
Massimo,
I am running from source (web2py v 1.35) with ActivePython and
pyOpenSSL installed.
I don't get a successful https connection. Do you know that last
web2py version that did work with OpenSSL out of the box?
I installed pyOpenSSL using the Windows installer which found the
ActivePython install at C:\Python25. It sounds like you might have
had a different installation experience. If so, clue me in. ;o)
-MM
On Jun 17, 10:21 pm, Massimo Di Pierro <mdipie...@cs.depaul.edu>
wrote:
I am running from source (web2py v 1.35) with ActivePython and
pyOpenSSL installed.
I don't get a successful https connection. Do you know that last
web2py version that did work with OpenSSL out of the box?
I installed pyOpenSSL using the Windows installer which found the
ActivePython install at C:\Python25. It sounds like you might have
had a different installation experience. If so, clue me in. ;o)
-MM
On Jun 17, 10:21 pm, Massimo Di Pierro <mdipie...@cs.depaul.edu>
wrote:
Massimo Di Pierro
Jun 18, 2008, 10:20:05 AM6/18/08
to web...@googlegroups.com
I have a Mac with Python 2.5.1 (r251:54869, Apr 18 2007, 22:08:04) .
I never used ActivePython. I will run some more tests tomorrow.
Mark
Jun 18, 2008, 10:35:56 AM6/18/08
to web2py Web Framework
I've also tried with the Python for Windows that comes from www.python.org[1],
but I suspect it's *very* similar to the ActivePython implementation
since ActivePython is bold enough to install right on top of it
without even asking. (!) Both the python.org and the ActivePython
versions exhibit the problem.
-MM
[1] http://www.python.org/ftp/python/2.5.2/python-2.5.2.msi
but I suspect it's *very* similar to the ActivePython implementation
since ActivePython is bold enough to install right on top of it
without even asking. (!) Both the python.org and the ActivePython
versions exhibit the problem.
-MM
[1] http://www.python.org/ftp/python/2.5.2/python-2.5.2.msi
Massimo Di Pierro
Jun 18, 2008, 11:43:31 AM6/18/08
to web...@googlegroups.com
Forget web2py for a sec. Can you do
from OpenSSL import SSL
from OpenSSL import crypto
Is not there is a problem with installing OpenSSL on your system.
The only problem on the web2py side is that I have built the windows
binary on a new windows VMWare machine and I may have forgot to
install OpenSSL before running py2exe. This will be fixed in the next
built.
As far as deplyment is concerned it is still much easier to use
Apache to force HTTPS.
Massimo
Mark
Jun 18, 2008, 12:37:34 PM6/18/08
to web2py Web Framework
Massimo,
> Forget web2py for a sec. Can you do
>
> from OpenSSL import SSL
> from OpenSSL import crypto
>
> Is not there is a problem with installing OpenSSL on your system.
That's the tyest I've been trying that has been failing. I've
installed the pyOpenSSL Windows installer, but it doesn't fix things.
I don't think this is a Web2Py issue, but it's still just as
broken. ;o)
> As far as deplyment is concerned it is still much easier to use
> Apache to force HTTPS.
Kinda. I'm still working on getting that to work under Ubuntu in the
other thread. Sparking up a whole Apache install just to get HTTPS
working under Windows is kinda gross. A more natural path would be to
install the IIS server, but that's what we're hoping to move away
from. :-(
-MM
> Forget web2py for a sec. Can you do
>
> from OpenSSL import SSL
> from OpenSSL import crypto
>
> Is not there is a problem with installing OpenSSL on your system.
installed the pyOpenSSL Windows installer, but it doesn't fix things.
I don't think this is a Web2Py issue, but it's still just as
broken. ;o)
> As far as deplyment is concerned it is still much easier to use
> Apache to force HTTPS.
other thread. Sparking up a whole Apache install just to get HTTPS
working under Windows is kinda gross. A more natural path would be to
install the IIS server, but that's what we're hoping to move away
from. :-(
-MM
Massimo Di Pierro
Jun 18, 2008, 12:39:03 PM6/18/08
to web...@googlegroups.com
Let us know what you found out. I have not head this problem but I
will try to reproduce ti as soon as I get hold of a windows machine.
will try to reproduce ti as soon as I get hold of a windows machine.
Massimo
Mark
Jun 18, 2008, 3:01:27 PM6/18/08
to web2py Web Framework
I'll keep slugging. If anyone else has gotten "import OpenSSL" to
work under Windows, please let me know.
-MM
work under Windows, please let me know.
-MM
Mark
Jun 18, 2008, 9:28:09 PM6/18/08
to web2py Web Framework
OK, I got a response from the guys at pyOpenSSL. It looks like their
installer didn't includesome bits, and they recommended I try this
link from eGenix: http://www.egenix.com/products/python/pyOpenSSL/
I installed the eGenix package, and now I can https://127.0.0.1:8000/welcome/default/index.
Woo hoo! Of course, now I can't http://127.0.0.1:8000/welcome/default/index.
:'-( Still, this lets me have a full (debugable) setup on my Windows
laptop. Rockin!
If anyone is looking for the full steps, here you go:
* Get Python from python.org[1] (or from ActiveState[2]) and install
it
* Get pyOpenSSL from eGenix and install
* Get web2py and untar it (duh!)
* Generate a key for the server, and request (or self certify) a
server certificate[3]
* Spark up web2py: python web2py.py -a "<recycle>" -c server.crt -k
server.key
-MM
[1] http://www.python.org/download/releases/
[2] http://www.activestate.com/store/activepython/download/
[3] http://mdp.cti.depaul.edu/AlterEgo/default/show/140
installer didn't includesome bits, and they recommended I try this
link from eGenix: http://www.egenix.com/products/python/pyOpenSSL/
I installed the eGenix package, and now I can https://127.0.0.1:8000/welcome/default/index.
Woo hoo! Of course, now I can't http://127.0.0.1:8000/welcome/default/index.
:'-( Still, this lets me have a full (debugable) setup on my Windows
laptop. Rockin!
If anyone is looking for the full steps, here you go:
* Get Python from python.org[1] (or from ActiveState[2]) and install
it
* Get pyOpenSSL from eGenix and install
* Get web2py and untar it (duh!)
* Generate a key for the server, and request (or self certify) a
server certificate[3]
* Spark up web2py: python web2py.py -a "<recycle>" -c server.crt -k
server.key
-MM
[1] http://www.python.org/download/releases/
[2] http://www.activestate.com/store/activepython/download/
[3] http://mdp.cti.depaul.edu/AlterEgo/default/show/140
Massimo Di Pierro
Jun 18, 2008, 9:34:51 PM6/18/08
to web...@googlegroups.com
Can you please update the AlterEgo entry about this. The code is 1234.
Massimo
Mike
Jul 29, 2008, 10:35:45 PM7/29/08
to web2py Web Framework
Hey Everyone,
This thread was very helpful, but I ran into one other issue.
After using OpenSSL to make .crt and .key files I got web2py running
as a windows service that accepted https://
However, I still can't access the admin app from a remote computer
even when specifying https://. I get the standard 'admin not available
due to unsecure channel' message.
I must have missed a step somewhere...any ideas?
Mike
On Jun 18, 9:34 pm, Massimo Di Pierro <mdipie...@cs.depaul.edu> wrote:
> Can you please update the AlterEgo entry about this. The code is 1234.
>
> Massimo
>
> On Jun 18, 2008, at 8:28 PM, Mark wrote:
>
>
>
> > OK, I got a response from the guys at pyOpenSSL. It looks like their
> > installer didn't includesome bits, and they recommended I try this
> > link from eGenix:http://www.egenix.com/products/python/pyOpenSSL/
>
> > I installed the eGenix package, and now I can https://
> > 127.0.0.1:8000/welcome/default/index.
> > Woo hoo! Of course, now I can'thttp://127.0.0.1:8000/welcome/
This thread was very helpful, but I ran into one other issue.
After using OpenSSL to make .crt and .key files I got web2py running
as a windows service that accepted https://
However, I still can't access the admin app from a remote computer
even when specifying https://. I get the standard 'admin not available
due to unsecure channel' message.
I must have missed a step somewhere...any ideas?
Mike
On Jun 18, 9:34 pm, Massimo Di Pierro <mdipie...@cs.depaul.edu> wrote:
> Can you please update the AlterEgo entry about this. The code is 1234.
>
> Massimo
>
> On Jun 18, 2008, at 8:28 PM, Mark wrote:
>
>
>
> > OK, I got a response from the guys at pyOpenSSL. It looks like their
> > installer didn't includesome bits, and they recommended I try this
> > link from eGenix:http://www.egenix.com/products/python/pyOpenSSL/
>
> > I installed the eGenix package, and now I can https://
> > 127.0.0.1:8000/welcome/default/index.
achipa
Jul 30, 2008, 5:20:03 AM7/30/08
to web2py Web Framework
I've seen this, but I though it was a feature :) I thought it normal
to have an IP filter that on the admin. Of course, the previous
implementation had no such admin-specifiable list but I thought THAT
part was missing and not the unsecure channel :)
> default.py
> 18KDownload
to have an IP filter that on the admin. Of course, the previous
implementation had no such admin-specifiable list but I thought THAT
part was missing and not the unsecure channel :)
> 18KDownload
Mike
Jul 30, 2008, 4:44:24 PM7/30/08
to web2py Web Framework
Hi Massimo,
I tried the controller you posted...
It generated the following error:
Traceback (most recent call last): File "E:\Python\web2py_src\web2py
\gluon\restricted.py", line 62, in restricted exec ccode in
environment File "E:\Python\web2py_src\web2py\applications\admin/
controllers/default.py", line 33, in <module>
response.secure()TypeError: 'NoneType' object is not callable
This error occured when trying to access the admin application from a
remote computer and also on the server.
Mike
> > >>> [3]http://mdp.cti.depaul.edu/AlterEgo/default/show/140- Hide quoted text -
>
> - Show quoted text -
I tried the controller you posted...
It generated the following error:
Traceback (most recent call last): File "E:\Python\web2py_src\web2py
\gluon\restricted.py", line 62, in restricted exec ccode in
environment File "E:\Python\web2py_src\web2py\applications\admin/
controllers/default.py", line 33, in <module>
response.secure()TypeError: 'NoneType' object is not callable
This error occured when trying to access the admin application from a
remote computer and also on the server.
Mike
>
> - Show quoted text -
Massimo Di Pierro
Jul 30, 2008, 6:06:50 PM7/30/08
to web...@googlegroups.com
sorry. fixed in trunk.
it was session.secure() not response.secure()
Mike
Jul 30, 2008, 8:01:25 PM7/30/08
to web2py Web Framework
Looks good! Thanks for the help...
Just to confirm the expected behavior: with SSL enabled, the built-in
web2py web server will not accept http:// requests any more. It's
either https:// or http:// but not both.
Mike
Just to confirm the expected behavior: with SSL enabled, the built-in
web2py web server will not accept http:// requests any more. It's
either https:// or http:// but not both.
Mike
Reply all
Reply to author
Forward
0 new messages