Ticket #254 (new enhancement)

Opened 4 years ago

Last modified 3 years ago

Allow the setup of a custom ssl_context

Reported by: s0undt3ch Owned by: ianb
Priority: normal Milestone: 1.4.1
Component: paste Version: svn-trunk
Severity: normal Keywords:
Cc:

Description

Currently, unless one overrides server_runner, there's no way to provide a different ssl_context.

Here's a patch that enables just that.

Attachments

custom.ssl_context.2.patch (5.2 KB) - added by s0undt3ch 4 years ago.
more source code comments
custom.ssl_context.patch (5.2 KB) - added by s0undt3ch 4 years ago.
more source code comments
ssl_options.patch (31.0 KB) - added by s0undt3ch 4 years ago.

Change History

Changed 4 years ago by s0undt3ch

This paste is a suggestion to handle ssl errors (so we don't lose it):

 http://paste.pocoo.org/show/40106/

Changed 4 years ago by s0undt3ch

That last attachment catches all SSL.Error's and calls WSGIHandlerMixIn.wsgi_connection_drop(error).

If one wants to better take care of socket errors, that's the method to override, as stated in source. I can't seem to cleanly do it any other way.

Do note that errors do seem to reach the other end; maybe it's PyOpenSSL sending them, because clients are aware of those errors. We apparently just can't customize the messages sent.

Anyway, at least like this one can implement minimal certificate client authentication.

Changed 4 years ago by s0undt3ch

more source code comments

Changed 4 years ago by s0undt3ch

more source code comments

Changed 4 years ago by s0undt3ch

This last patch changes the way ssl_context is handled. It's now created based on the options passed by the user.

Changed 4 years ago by s0undt3ch
