如何解决花:设置SSL'verify_mode'
使用:花0.9.5(安装了Tornado 6.0.4),芹菜4.4.6,Python 3.7
以{p>开头Flower时
celery -A myProj flower
一切正常。花在http://localhost:5555上服务。
以{p>开头Flower时
celery -A myProj flower --keyfile=/home/me/cert/key.pem --certfile=/home/me/cert/cert.pem
它位于https://localhost:5555,但在尝试访问时,Chrome会显示ERR_CONNECTION_RESET和Flower日志
2020-09-16 17:19:37,421 - tornado.general - ERROR - Uncaught exception,closing connection.
Traceback (most recent call last):
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py",line 711,in _handle_events
self._handle_read()
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py",line 1498,in _handle_read
self._do_ssl_handshake()
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py",line 1458,in _do_ssl_handshake
if not self._verify_cert(self.socket.getpeercert()):
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py",line 1481,in _verify_cert
assert verify_mode in (ssl.CERT_NONE,ssl.CERT_required,ssl.CERT_OPTIONAL)
UnboundLocalError: local variable 'verify_mode' referenced before assignment
2020-09-16 17:19:37,423 - asyncio - ERROR - Exception in callback None()
handle: <Handle cancelled>
Traceback (most recent call last):
File "/home/me/python/lib/python3.7/asyncio/events.py",line 88,in _run
self._context.run(self._callback,*self._args)
File "/home/me/.env/lib/python3.7/site-packages/tornado/platform/asyncio.py",line 139,in _handle_events
handler_func(fileobj,events)
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py",in _handle_events
self._handle_read()
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py",in _handle_read
self._do_ssl_handshake()
File "/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py",in _do_ssl_handshake
if not self._verify_cert(self.socket.getpeercert()):
File "/home/me/.env/lib/python/site-packages/tornado/iostream.py",in _verify_cert
assert verify_mode in (ssl.CERT_NONE,ssl.CERT_OPTIONAL)
UnboundLocalError: local variable 'verify_mode' referenced before assignment
注意:在运行Flower with时一切正常
celery -B brokerURL flower --keyfile=/home/me/cert/key.pem --certfile=/home/me/cert/cert.pem
在/home/me/.env/lib/python3.7/site-packages/tornado/iostream.py中,有:
def _verify_cert(self,peercert: Any) -> bool:
"""Returns ``True`` if peercert is valid according to the configured
validation mode and hostname.
The ssl handshake already tested the certificate for a valid
CA signature; the only thing that remains is to check
the hostname.
"""
if isinstance(self._ssl_options,dict):
verify_mode = self._ssl_options.get("cert_reqs",ssl.CERT_NONE)
elif isinstance(self._ssl_options,ssl.SSLContext):
verify_mode = self._ssl_options.verify_mode
assert verify_mode in (ssl.CERT_NONE,ssl.CERT_OPTIONAL) # LINE 1481
if verify_mode == ssl.CERT_NONE or self._server_hostname is None:
return True
cert = self.socket.getpeercert()
if cert is None and verify_mode == ssl.CERT_required:
gen_log.warning("No SSL certificate given")
return False
try:
ssl.match_hostname(peercert,self._server_hostname)
except ssl.CertificateError as e:
gen_log.warning("Invalid SSL certificate: %s" % e)
return False
else:
return True
如何通过verify_mode = ssl.CERT_required将tornado传递到Flower?可以在_verify_cert内手动设置它。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
