Ticket #665 (defect)
Opened 1 year ago
Last modified 1 year ago
ssl certificate exceptions are not logged
Status: closed (fixed)
| Reported by: | hdbsfeq02@sneakemail.com | Assigned to: | rdelon |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.1 |
| Component: | CherryPy code | Keywords: | |
| Cc: |
When running in SSL mode, if the ssl_private_key or ssl_certificate files do not exist, the CPHTTPServer thread fails without logging an error. It seems that the particular exception type raised by SSL.Context.use_privatekey_file() is not caught by CherryPy, so it just falls through unhandled, leaving my server running but inoperable. All unhandled exceptions really should be sent to the logger.
This is particularly problematic when running as a daemon, since no screen output is produced either.
Exception in thread CPHTTPServer Thread-1:
Traceback (most recent call last):
File "/usr/lib/python2.4/threading.py", line 442, in __bootstrap
self.run()
File "/usr/lib/python2.4/threading.py", line 422, in run
self.__target(*self.__args, **self.__kwargs)
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.0-py2.4.egg/cherrypy/_cpserver.py", line 126, in _start_http_thread
httpserver.start()
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.0-py2.4.egg/cherrypy/wsgiserver.py", line 808, in start
bind(af, socktype, proto)
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.0-py2.4.egg/cherrypy/wsgiserver.py", line 761, in bind
ctx.use_privatekey_file(self.ssl_private_key)
Error: [('system library', 'fopen', 'No such file or directory'), ('BIO routines', 'FILE_CTRL', 'system lib'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'system lib')]
Change History
03/04/07 05:16:25: Modified by lawouach
- milestone set to 3.1.
03/04/07 09:36:06: Modified by fumanchu
- description changed.
Once I get the site container done, it will have site-wide logging that should take care of this.
06/22/07 22:00:19: Modified by fumanchu
- status changed from new to closed.
- resolution set to fixed.
Fixed in [1683].
More generally the problem seems to be how exceptions and errors are bubbled up from the WSGI server to the _cpserver.py module.
Because the WSGI server module is independant from the rest of CherryPy we cannot do the CherryPy logging there but there should be a way to catch those errors into the _start_http_thread method of the Server class (_cpserver.py).