Shulou(Shulou.com)06/02 Report--

How to implement https access function in tornado? in view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

First of all, what we need, of course, is Tornado, Python, and OpenSSL. Here we just record the establishment of ssl. We don't need to talk about other knowledge under linux for the time being. If necessary, we will open another topic later.

In fact, Tornado itself already supports SSL, so our main thing here is to generate available certificates.

Go to the bin folder of the OpenSSL installation directory, and refer to the openssl.cfg/openssl.cnf file to set the directory to be used for the certificate according to your own needs. Here we use the default.

First create a demoCA directory under OpenSSL, then create a certs, newcerts folder under the demoCA directory, and then create a blank index.txt under the demoCA directory.

Then create a serial file and fill it with any hexadecimal number, such as 0000, using vim or other tools

Then you can start to create a certificate. Here I refer to what another brother wrote:

1. The first step is to generate the server-side private key (key file):

Openssl genrsa-des3-out server.key 1024

The runtime will prompt for a password, which is used to encrypt key files. (the parameter des3 refers to the encryption algorithm. Of course, you can also choose other algorithms that you think are secure.)

In the future, you need to enter a password whenever you need to read this file (through the command provided by openssl or API). If you find it inconvenient, you can also remove this password, but you must take other protective measures!

The command to remove the key file password:

Openssl rsa-in server.key-out server.key

2.openssl req-new-key server.key-out server.csr-config openssl.cnf

Generate Certificate Signing Request (CSR), and send the generated csr file to CA for signature to form the server's own certificate. There will be a prompt on the screen and follow the instructions to enter the required personal information step by step.

3. Make the same command to the client to generate key and csr files:

Openssl genrsa-des3-out client.key 1024

Openssl req-new-key client.key-out client.csr-config openssl.cnf

4.CSR files must be signed by CA to form a certificate. Can send this file to verisign and other places to be verified by it, to pay a lot of money, why not do your own CA.

1) create new directories demoCA, demoCA/certs, demoCA/certs, demoCA/newcerts under the bin directory

2) create an empty file index.txt in demoCA

3) create a text file serial in demoCA with no extension, and the content is a legal hexadecimal number, such as 0000

4) openssl req-new-x509-keyout ca.key-out ca.crt-config openssl.cnf

5. Sign the server.csr,client.csr file you just generated with the certificate of the generated CA:

Openssl ca-in server.csr-out server.crt-cert ca.crt-keyfile ca.key-config openssl.cnf

Openssl ca-in client.csr-out client.crt-cert ca.crt-keyfile ca.key-config openssl.cnf

Ok, you should have created a usable certificate here. If there is an error when signing the file, the information is probably incorrect. You can clear the information in the index.txt at this time.

Then redo the failed operation in step 5.

Then you can test tornado's certificate for using ssl.

Write a test project, which is actually just a py file, such as:

Code

Import os

Import ssl

From tornado.httpserver import HTTPServer

From tornado.web import Application, RequestHandler

From tornado.ioloop import IOLoop

Class TestHandler (RequestHandler):

Def get (self):

Self.write ("Hello, World!\ n")

Settings = {

"static_path": os.path.join (os.path.dirname (_ file__), "static")

}

Application = Application ([

(r "/", TestHandler)

], * * settings)

If _ name__ = = "_ _ main__":

Server = HTTPServer (application,ssl_options= {

"certfile": os.path.join (os.path.abspath (.), "server.crt")

"keyfile": os.path.join (os.path.abspath (.), "server.key")

})

Server.listen (8000)

IOLoop.instance () .start ()

Then throw the relevant certificate into the directory of the py file. Change it to the appropriate name.

Then start the service.

Python test.py

Then try to visit it with a browser or curl, and I'll use curl here.

Curl https://localhost:8000 # the default port I use here is 8000

This is the answer to the question about how to achieve https access in tornado. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.