Comments (7)
pgjones
commented on May 9, 2024
Thanks, I've not seen this before, could you try this patch?
diff --git a/hypercorn/config.py b/hypercorn/config.py
index 1ebf116..61f8bce 100644
--- a/hypercorn/config.py
+++ b/hypercorn/config.py
@@ -155,13 +155,13 @@ class Config:
except NotImplementedError:
pass # NPN is not necessarily available
- context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
- if self.ca_certs is not None:
- context.load_verify_locations(self.ca_certs)
if self.verify_mode is not None:
context.verify_mode = self.verify_mode
if self.verify_flags is not None:
context.verify_flags = self.verify_flags
+ if self.ca_certs is not None:
+ context.load_verify_locations(self.ca_certs)
+ context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
return contextfrom hypercorn.
tjtaill
commented on May 9, 2024
I will try the patch sorry been busy learning azure
from hypercorn.
tjtaill
commented on May 9, 2024
I tried you patch it didn't work unfortunately. Tried a couple of other things as well like loading the cafile in the creation of the ssl context that didn't work either. There might be something wrong with my certificates I will try with another server or maybe try with pure python ssl and see if I can get that to work
from hypercorn.
pgjones
commented on May 9, 2024
Hmm, this is weird. Please update with what you find.
from hypercorn.
tjtaill
commented on May 9, 2024
Ok sorry I took so long in the end there is nothing wrong with hypercorn's code I have it working fine
it was just very complicated to figure out how to setup the certificate chain so that it would be trusted is all. There was a bug in the key file generated by the provider as well.
from hypercorn.
pgjones
commented on May 9, 2024
Do the hypercorn docs on SSL setup need improving, or was the complication outside of hypercorn?
from hypercorn.
tjtaill
commented on May 9, 2024
Do the hypercorn docs on SSL setup need improving, or was the complication outside of hypercorn?
The complication is from python SSL, you need to pip install certifi to get the CA file you need, and then setup your certfile file in following format
certificate
intermediate certificates
root certificate
they have to be in the correct order and the root certificate has to be in the ca file as well
the python ssl docs are not great either it seems to suggest you should use the verify_mode to
CERT_REQUIRED but this is wrong and what it means is the client has to supply a valid certificate which you don't want
here is my hypercorn python config file I use
import certifi
bind = ['0.0.0.0:443']
ca_certs = certifi.where()
certfile = 'cert_prod.pem'
keyfile = 'key_prod.pem'go daddy also gave me a corrupted key file so I needed to debug that as well
so goes my adventures in python ssl
from hypercorn.
Related Issues (20)
- Running a second server on the same port doesn't fail on Windows
- Support for PROXY-Protocol HOT 2
- Improve WSGI behavior for large requests.
- Servercrash with autobahn testcase 7.1.6 on trio HOT 4
- Support for add_middleware() HOT 3
- Graceful shutdown not possible on Windows HOT 1
- Hypercorn on a background thread? HOT 1
- `--quic-bind 0.0.0.0:4433` fails to listen on port 4433 and browser fails to reach my application HOT 3
- Flask CORS + Hypercorn middleware not working on invalid origin requests HOT 2
- `InvalidStateError` during termination when running hypercorn programatically through anyio. HOT 1
- Duplicate logs with "--access-log -" option HOT 2
- ASGIWrapper: make sync_spawn and call_soon optional HOT 1
- Error : unable to perform operation on <TCPTransport>; the handler is closed mechanism asgi handled
- question: running ProcessPoolExecutor inside web-app served by hypercorn HOT 1
- How could I ignore all the hypercorn output? HOT 2
- Should Hypercorn be proxied behind nginx? HOT 1
- Analog to uvicorn/gunicorn `--forwarded-allow-ips`
- Handling log file rotation
- Unhandled KeyError with HTTP/2 HOT 6
- Websocket endpoint and ProxyFixMiddleware
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hypercorn.