
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)


I have been running a Flask-SocketIO program with uwsgi (2.0.15) and gevent as the asynchronous mode. But when I try to build uwsgi with SSL support, I get the following error:

ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

I am using a self-signed key and cert file built with OpenSSL (1.0.2.g) using the following command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

I have checked the official uwsgi documentation for SSL support, where they suggest that a self-signed key can be used. Still, my question is: does uwsgi actually support SSL with a self-signed key generated by OpenSSL at all?

Here's the command I am using to build uwsgi with SSL:

uwsgi --https :5006,cert.pem,key.pem --gevent 1000 --http-websockets --master --wsgi-file server.py --callable app

And here's my complete traceback of the error:

Traceback (most recent call last):
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/engineio/server.py", line 405, in _trigger_event
    return self.handlers[event](*args)
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 520, in _handle_eio_message
    self._handle_event(sid, pkt.namespace, pkt.id, pkt.data)
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 456, in _handle_event
    self._handle_event_internal(self, sid, data, namespace, id)
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 459, in _handle_event_internal
    r = server._trigger_event(data[0], namespace, sid, *data[1:])
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 488, in _trigger_event
    return self.handlers[namespace][event](*args)
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/flask_socketio/__init__.py", line 243, in _handler
    *args)
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/flask_socketio/__init__.py", line 626, in _handle_event
    ret = handler(*args)
  File "server.py", line 84, in chat_message
    response = request.getresponse()
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/apiai/requests/request.py", line 128, in getresponse
    self._connect()
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/apiai/requests/request.py", line 82, in _connect
    self._connection.connect()
  File "/usr/lib/python3.5/http/client.py", line 1260, in connect
    server_hostname=server_hostname)
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 60, in wrap_socket
    _session=session)
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 232, in __init__
    raise x
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 228, in __init__
    self.do_handshake()
  File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 545, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

So, if uwsgi really supports a self-signed key, then what could be the reason for that error? Or is there an issue with gevent?

As I do not have a registered domain name of my own, I can't get a CA-signed certificate at this moment.


Solution

  • Based on the stack trace, this isn't a problem with the self-signed certificate that you are using on your server. You have a function in your application called chat_message() that is an event handler. In this function you are sending an HTTP request using the requests library, correct?

    The server that you are contacting in this event handler is also https://, and the certificate that it is providing could not be validated by the requests library. If that service is also using a self-signed certificate, then you need to configure requests to bypass validation, as follows:

    requests.get(url, verify=False)
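
An added example, not part of the original answer: the traceback shows the outbound call going through `http.client` and `ssl`, so this standard-library sketch contrasts what `verify=False` amounts to with a context that still verifies but trusts one specific PEM file, and probes a host to report why verification fails. The function names and the host `service.example` are hypothetical; the PEM file of the remote service's certificate is assumed to be supplied by you.

```python
import socket
import ssl


def verifying_context(cafile=None):
    """Client context that verifies the chain and the host name.

    cafile=None uses the system trust store. With cafile set, only the
    certificates in that PEM file are trusted, which is how a self-signed
    server certificate is accepted without switching verification off.
    """
    return ssl.create_default_context(cafile=cafile)


def unverified_context():
    """What verify=False amounts to: any certificate, any host name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe(host, port=443, cafile=None, timeout=5.0):
    """Attempt a verified handshake and report why it failed, if it did."""
    ctx = verifying_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"status": "verified", "detail": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        # Same failure as CERTIFICATE_VERIFY_FAILED in the traceback,
        # with OpenSSL's reason (self-signed, expired, name mismatch, ...).
        return {"status": "untrusted", "detail": exc.verify_message}
    except ssl.SSLError as exc:
        return {"status": "tls_error", "detail": exc.reason}
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}


if __name__ == "__main__":
    for name, ctx in (("verifying", verifying_context()),
                      ("unverified", unverified_context())):
        print(name, ctx.verify_mode, ctx.check_hostname)
    # Constructed host name; pass cafile="<service cert>.pem" to pin trust.
    print(probe("service.example"))
```

With the requests library, the same pinning is done by passing the PEM path instead of `False`, for example `requests.get(url, verify="cert.pem")`. With `http.client`, pass the context as `HTTPSConnection(host, context=verifying_context("cert.pem"))`.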