On Sep 26, 2011, at 8:27 AM, Ross Peoples wrote:
> It was the admin application, which should be using HTTPS when you access it
> over HTTPS right? I just tried with a test app and the same thing happens.
>
> I commented out like 518 in rocket.py and that silences the errors, but is
> that a good thing?
I don't know. I looked at the recent changes in rocket.py, and the addition of
that log line is the only change that I can see that looks relevant if you're
not using a client certificate. Notice the (existing) comment:
except SSLError:
# Generally this happens when an HTTP request is received on a
# secure socket. We don't do anything because it will be detected
# by Worker and dealt with appropriately.
self.err_log.error('SSL Error: %s' % traceback.format_exc())
<<<<<-- this was added
pass
It may well be that the lack of a log here was hiding *other* errors that we
ought to know about.
There is actually one other block of new code:
if conn.ssl:
try:
peercert = conn.socket.getpeercert(binary_form=True)
environ['SSL_CLIENT_RAW_CERT'] = \
peercert and ssl.DER_cert_to_PEM_cert(peercert)
except Exception,e:
print e
The cert is being captured for use by the X509 code. Looks harmless, and you're
not getting that exception.
>
> There might be another problem here. I just checked the traffic going to my
> test app and all requested files (including the static ones) are requested
> over HTTPS, however, Google Chrome has disabled my JavaScript because "This
> page has insecure content". All the static files are loaded locally (I'm not
> using a CDN or anything). So are the files getting returned to the browser
> over HTTP instead of HTTPS or something and that's why the rocket error was
> happening?
