If you start up web2py with key/cert for SSL, web2py runs in SSL mode.
In the startup message it says you can connect via http, but if you attempt
to connect via plain http, you will get a
"Bad Request"
in your browser.
[d...@thinkbox web2py]$ python web2py.py -c mycert.pem -k mycert.pem -i
192.168.1.119 -a hi
web2py Enterprise Web Framework
Created by Massimo Di Pierro, Copyright 2007-2010
Version 1.88.2 (2010-10-29 23:04:43)
Database drivers available: SQLite3
Starting hardcron...
please visit:
http://192.168.1.119:8000
use "kill -SIGTERM 30522" to shutdown the web2py server
=============
Here are some thoughts:
* If not running SSL and you specified a non-loopback interface for web2py
to run on, the command line "should" warn about possible disablement of
admin site?
* Check that if you specify a cert on command line, you need to specify a
key (and vice-versa?)
-- The command line silently "fails" (although there is checking in
main.py:)
if not ssl_certificate or not ssl_private_key:
logger.info('SSL is off')
* Do a check that private key and cert match.
And now for the more interesting item, for some reason SSL connection still
works with the following cert private key (note:I zeroed out a line in my
private key!)
Am I missing something here...?
[d...@thinkbox web2py]$ cat mycert.pem
-----BEGIN CERTIFICATE-----
MIIDVzCCAj+gAwIBAgIJAKXRQfLWAi/BMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQwHhcNMTAxMDE2MjEyNTA1WhcNMTExMDE2MjEyNTA1WjBCMQsw
CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
5TBJypoZfgg630Sx7olCd0PDNhx6dghffVecgW+1BkD7uAGbCaSXg7AgiwTNZJmw
VO6oiivRgaZi39XG7gy//2uxXcu7d116GkYTRxUSx845O8cCeQm0Kj/ucQ6IfheR
RTtVAUThBTKNEAtM6Mx6wGk3uHVktvh/MqTKhIvbuJmwj8BLB7w+d99tD4981Fhc
mvAYIGnf/0jOwG79LiG6DNIuQyPXnVUtf5S6pU2XaJwmUMy2kkhgowvIM33pNKLi
T0D7LjbvxlrcvfgwoH6GfCT38UX1oGyWJT45cFRiTSXBgxAHajlyM6r5YhTnFCmZ
hVjjGpXtQcQk9obCX6wI0wIDAQABo1AwTjAdBgNVHQ4EFgQULPMBvZYIXHsebZ+W
PpSjvxH2gjswHwYDVR0jBBgwFoAULPMBvZYIXHsebZ+WPpSjvxH2gjswDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEARDXQp8o7aeoiYIsYbqHxpjRyDwDc
D0klMH86ToLY13ZSRJzk3WzXIqKnPAeae1IyZ66SH9PQU/u8vQLvvReapF1kiOnD
n6+knUad22olxLVXZ9thyB6NZco9Mh8q3jz27GtSXEQNaVwVQJ2IwsC5XUz1yKgz
ZJbeW8AdqP9PlacgowYPFMiWvOD1VzRKW5NY5TUKV3cE4JJCiWH0rx7t5GV8vuXM
xffdZpfUODI0YOxIGVJNwKf8SpMiahyvb4otFnzT3lBqPuyT2EEcqAt2MRsGI2R3
l/lUlt4IDxsN31BEKAySfUeDPqOKo0MyA2yZ0z85Lgsm5nVJm4NBt2B7tw==
-----END CERTIFICATE-----
[d...@thinkbox web2py]$ cat mybad.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA5TBJypoZfgg630Sx7olCd0PDNhx6dghffVecgW+1BkD7uAGb
CaSXg7AgiwTNZJmwVO6oiivRgaZi39XG7gy//2uxXcu7d116GkYTRxUSx845O8cC
eQm0Kj/ucQ6IfheRRTtVAUThBTKNEAtM6Mx6wGk3uHVktvh/MqTKhIvbuJmwj8BL
B7w+d99tD4981FhcmvAYIGnf/0jOwG79LiG6DNIuQyPXnVUtf5S6pU2XaJwmUMy2
kkhgowvIM33pNKLiT0D7LjbvxlrcvfgwoH6GfCT38UX1oGyWJT45cFRiTSXBgxAH
ajlyM6r5YhTnFCmZhVjjGpXtQcQk9obCX6wI0wIDAQABAoIBAASpX8bcLYqPtkrW
Rdw5NH3ihfTyzVbbQr306z0Cvabb6YLLnZCrpV1LVs4dEeRq79g6Znkw/PjrHnW5
DmvHHJygXyIuQ6jg4Nvp8vhuKEyiGC3sFVPK67w0QrBQAFy4M/85frgg44bMiWv7
HtxZVGHXggehc6P5F/U6vtfFVHnDtKX93g+NPOYpXQTcO30QftSvYqjgx/2wMhOk
ItIPOOrKWEwr6Ogjum+g/2u06JgD/vPBpR5Nurs0LUL6H1K50DDOPjlKAQ1LtIJe
qRw6PB4qMJWP9qTgkiDq98jKJ0zzDDvWjGhz5DqepK8+dyZqF6/1PPJxdE5l6K3I
AqeVQdkCgYEA9LboYrJpdBScz26I5Q5nL5+iwSvYNIlRLDocjfzrkeXicfTiCzim
TCHWgVzRL0E78TASELIvioeJ7unpk7a7KiacO2Cat/CwhfUE/aKkiSJbvw/BrmRU
PY8N65fVRc2UQK51FlulCjNG4TgbMJIQxmVS3zXPhdmr7GAWbyUWNhUCgYEA78IV
KSo/TqHRRdHzIQfRUNwmGH049/9wGBbkr67NfsNnv6nS+L81NBH+Ko1eMpZELLmt
OofIvuHpFMryMBJVAr8gOv7sPJQIGIwJxMcNMz1NyJSXoq4hXwXAA2Crpi1ODyj0
xdiOg47qRwuaYaVjILPqL73ne/vuJdOR2YxqJUcCgYEAxTjMXQ7Q8l7SalL5PTG4
c6dCclC1tNGee/hxnvVhnXoaYCEuNED5tY3n5OY7KMx4VM+bH52btxe5ULVwLD4u
5a+sZiZbSzdN7Qgld4ym8magboFyZOwzAFHUtDTwC4u9mcuATf6aKnhc/ZJMR37Q
yjRK793cXFGrv5tJOVY4amkCgYB61FyQ7VLnjuEuuuOrDV0/5rkhnK2d5+BehwP7
uTsP8T3qpC8wPo0cMweadzhGBFPC8hD8Rmoi2IvXmi0/UXT55j612rneQxxurvem
*0000000000000000000000000000000000000000000000000000000000000000*
NZN/qwKBgAYFIvQswsUflJdpwgpDIcKtwhRJdXqU01v+NuJPDvv1n8/nWkpPNsq3
x7rWUsW+hflwxAh9W+l1fnPvo2m66Ega83H4CpJ/a8l306fpBqh/jB07cLfcl2T1
TfeiVQycQCVPlevvocnm5j2XCgT3Y0GHe6J5WiqyYCjrq6a/f55g
-----END RSA PRIVATE KEY-----
