
    Fix for [SSL: EE_KEY_TOO_SMALL] (lyndon)

    Date: 2021-06-26 12:15

    Source directory tree

    $ tree
    .
    ├── hello.py
    ├── server.crt
    └── server.key
    

    hello.py

    from flask import Flask
    app = Flask(__name__)
    
    @app.route('/')
    def hello():
        return 'hello'
    
    if __name__ == '__main__':
        app.run(host='127.0.0.1', port=5000, ssl_context=('server.crt', 'server.key'))
    

    Error on startup

    $ python3 hello.py 
     * Serving Flask app "hello" (lazy loading)
     * Environment: production
       WARNING: This is a development server. Do not use it in a production deployment.
       Use a production WSGI server instead.
     * Debug mode: off
    Traceback (most recent call last):
      File "hello.py", line 9, in <module>
        app.run(host='127.0.0.1', port=5000, ssl_context=('server.crt', 'server.key'))
      File "/home/liyongjun/.local/lib/python3.8/site-packages/flask/app.py", line 990, in run
        run_simple(host, port, self, **options)
      File "/home/liyongjun/.local/lib/python3.8/site-packages/werkzeug/serving.py", line 1052, in run_simple
        inner()
      File "/home/liyongjun/.local/lib/python3.8/site-packages/werkzeug/serving.py", line 996, in inner
        srv = make_server(
      File "/home/liyongjun/.local/lib/python3.8/site-packages/werkzeug/serving.py", line 847, in make_server
        return ThreadedWSGIServer(
      File "/home/liyongjun/.local/lib/python3.8/site-packages/werkzeug/serving.py", line 766, in __init__
        self.socket = ssl_context.wrap_socket(sock, server_side=True)
      File "/home/liyongjun/.local/lib/python3.8/site-packages/werkzeug/serving.py", line 656, in wrap_socket
        return ssl.wrap_socket(
      File "/usr/lib/python3.8/ssl.py", line 1402, in wrap_socket
        context.load_cert_chain(certfile, keyfile)
    ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:4022)
    

    The cause is that the private key in use is too short; it needs to be longer than 1024 bits. Here we generate a new 2048-bit key and certificate:

    # Generate a private key: server.key
    openssl genrsa -des3 -out server.key 2048
    
    # Generate a CSR: server.csr
    openssl req -new -key server.key -out server.csr
    
    # Remove the passphrase from the key: server.key.org (encrypted copy) -> server.key
    cp server.key server.key.org
    openssl rsa -in server.key.org -out server.key
    
    # Generate a self-signed certificate: server.crt
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    

    Replace the private key and certificate files above with the new ones, and that is all.
    Run it again:

    $ python3 hello.py 
     * Serving Flask app "hello" (lazy loading)
     * Environment: production
       WARNING: This is a development server. Do not use it in a production deployment.
       Use a production WSGI server instead.
     * Debug mode: off
     * Running on https://127.0.0.1:5000/ (Press CTRL+C to quit)
    

    The request now succeeds.
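
A pre-flight check for an RSA certificate/key pair before it is passed to `ssl_context`, as an added example that is not part of the original post. The `MIN_BITS` threshold, the function names and the throwaway `weak`/`good` files are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of a cert/key pair.
MIN_BITS=2048   # assumption: the size the post regenerates with

# Print the public-key size in bits of a PEM certificate. The pattern matches
# both "RSA Public-Key: (2048 bit)" and "Public-Key: (2048 bit)".
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the pair is usable, 1 (with a reason on stderr) otherwise.
check_pair() {
    bits=$(cert_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "FAIL: cannot read a key size from $1" >&2; return 1
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: $1 has a ${bits}-bit key, below $MIN_BITS" >&2; return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $2 is not the private key for $1" >&2; return 1
    fi
    echo "OK: $1 (${bits}-bit key) matches $2"
}

# Constructed sample input: throwaway self-signed pair NAME.crt / NAME.key.
make_pair() {   # usage: make_pair BITS NAME
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# Demo in a temporary directory; "weak" and "good" are hypothetical names.
demo() (
    tmp=$(mktemp -d) && cd "$tmp" || exit 1
    make_pair 1024 weak && make_pair 2048 good || exit 1
    check_pair weak.crt weak.key || echo "  rejected: key too small"
    check_pair good.crt weak.key || echo "  rejected: wrong key"
    check_pair good.crt good.key; rc=$?
    cd / && rm -rf "$tmp"
    exit "$rc"
)
demo
```

Against the files from this post the call would be `check_pair server.crt server.key`; the key must already have its passphrase removed, otherwise `openssl pkey` prompts for it.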
