Python3 CGI HTTPS服务器在Unix上失败 [英] Python3 CGI HTTPS server fails on Unix

问题描述

此Python3 CGI HTTPS服务器曾经在几周(或几个月)之前可以工作，但现在在Linux(Ubuntu)下不再可用.我在Ubuntu 10.04和Ubuntu 14.04上尝试过，其行为是相同的.

This Python3 CGI HTTPS server used to work a few weeks (or months) ago, but now no longer works under Linux (Ubuntu). I tried on Ubuntu 10.04 and Ubuntu 14.04 and the behavior is the same.

现在，当我尝试访问任何CGI脚本时，我会得到:

Now when I try to access any CGI script I am getting:

Secure Connection Failed

An error occurred during a connection to 127.0.0.1:4443. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) 

以下是服务器的代码:

import http.server
import ssl
import os

server_address = ('', 4443)
cert = os.path.abspath('./server.pem')

handler = http.server.CGIHTTPRequestHandler
handler.cgi_directories = ['/cgi-bin']

httpd = http.server.HTTPServer(server_address, handler)
httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True, 
                                certfile=cert)

print ("Server started...")
httpd.serve_forever()

服务器记录以下错误:

File "/usr/lib/python3.4/ssl.py", line 618, in read
v = self._sslobj.read(len, buffer)
ssl.SSLError: [SSL: SSLV3_ALERT_UNEXPECTED_MESSAGE] sslv3 alert unexpected message (_ssl.c:1767)

如果我禁用SSL并在带有SSL的Windows上正常运行，则此方法有效.使用Python 3.4测试. 奇怪的是，这几个月前就奏效了 任何人都可以获取此脚本(或任何python3 CGI HTTPS服务器)以在更新的Linux系统上运行吗?

This works if I disable SSL and works fine on Windows with SSL. Tested with Python 3.4. The strange thing is that this worked a few months back Can anyone get this script (or any python3 CGI HTTPS server) to run on updated Linux systems?

推荐答案

我在以下位置找到了答案:
http://www.castro.aus.net/〜maurice/OddsAndEnds/blog/files/d2baf24c48b972f18836cac7a27734e2-35.html

I found the answer at:
http://www.castro.aus.net/~maurice/OddsAndEnds/blog/files/d2baf24c48b972f18836cac7a27734e2-35.html

解决方案是添加:

http.server.CGIHTTPRequestHandler.have_fork=False # Force the use of a subprocess

在启动服务器之前.

这对于Mac和Unix实施是必需的，因为出于效率原因，它们使用派生来启动执行CGI的进程，而不是创建其他实现(即Windows)所使用的子进程.在非包装的CGI实现中，fork可以正常工作，并且输出可以正确发送到套接字，但是，当套接字为SSL包裹时，事情将变得非常错误.

This is required for Mac and Unix implementation because, for efficiency reasons, they employ a fork to start the process that executes the CGI rather than creating a subprocess as used by other implementations (i.e. Windows). In a non-wrapped CGI implementation the fork works fine and the output is sent to the socket correctly, however, when the socket is SSL wrapped things go terribly wrong.

解决方案是强制Unix和Mac实现使用子进程，使SSL套接字愉快地工作，并让Python Server将CGI脚本的输出传输到客户端，同时将输出转换为SSL.

The solution is to force the Unix and Mac implementations to use a subprocess leaving the SSL socket happily working and having the Python Server transfer the output of the CGI script to the client while translating the output into SSL.

我仍然不知道为什么这曾经起作用！

I still have no clue why this used to work!

这篇关于Python3 CGI HTTPS服务器在Unix上失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！