search

jupyter / notebook

Jupyter Interactive Notebook
https://jupyter-notebook.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
11.62k stars 4.88k forks source link

Jupyter notebook SSL does not allow keyfile with PEM pass phrase #2595

Open charlie718y opened 7 years ago

charlie718y commented 7 years ago

Trying to enable Notebook SSL,

1) Creating a .pem and .key file, 2) To secure the .key file, I put a pass phrase on the .key file. 3) Update notebook config file to point to the certfile and keyfile, NotebookApp.certfile NotebookApp.keyfile

An exception is encountered when using browser to access the notebook webserver,

Enter PEM pass phrase: [E 15:24:43.503 NotebookApp] Exception in callback (<socket._socketobject object at 0x7f9bdc28a360>, <function null_wrapper at 0x7f9bdc0bb758>) Traceback (most recent call last): File "/var/install/lib/python2.7/site-packages/tornado/ioloop.py", line 888, in start handler_func(fd_obj, events) File "/var/install/lib/python2.7/site-packages/tornado/stack_context.py", line 277, in null_wrapper return fn(*args, kwargs) File "/var/install/lib/python2.7/site-packages/tornado/netutil.py", line 276, in accept_handler callback(connection, address) File "/var/install/lib/python2.7/site-packages/tornado/tcpserver.py", line 264, in _handle_connection do_handshake_on_connect=False) File "/var/install/lib/python2.7/site-packages/tornado/netutil.py", line 517, in ssl_wrap_socket context = ssl_options_to_context(ssl_options) File "/var/install/lib/python2.7/site-packages/tornado/netutil.py", line 494, in ssl_options_to_context context.load_cert_chain(ssl_options['certfile'], ssl_options.get('keyfile', None)) IOError: [Errno 22] Invalid argument**

gnestor commented 6 years ago

Can you share your update notebook config?

@minrk Any ideas?

charlie718y commented 6 years ago

Hi @gnestor

It's been a while, I no longer have the environment anymore, the issue was due to Tornado not exposing the password parameter in the load_cert_chain API. For more info, refer to, https://github.com/tornadoweb/tornado/issues/2113

In the end I had to stick with passwordless keyfiles. If you guys plan to provide support for password protected keyfiles. Give me a heads up.

Thanks, Charlie

gnestor commented 6 years ago

Thanks for following up @charlie718y! It would be nice to support password-protected keyfiles. We invite you and anyone else to contribute! I'll leave this open and mark as "help wanted".