From 7afe44ba4ee8810e24abfa32f74dfac61e5551d3 Mon Sep 17 00:00:00 2001 From: Kyle Morton Date: Sat, 20 Jun 2015 12:54:03 -0700 Subject: [PATCH] Updating TCPServer to allow tests (and potentially other use cases) to serve certificate chains instead of only single certificates. --- netlib/tcp.py | 8 ++++++-- test/tservers.py | 3 +-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/netlib/tcp.py b/netlib/tcp.py index 77eb7b52f..61306e4e5 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py @@ -567,7 +567,8 @@ class BaseHandler(_Connection): dhparams=None, **sslctx_kwargs): """ - cert: A certutils.SSLCert object. + cert: A certutils.SSLCert object or the path to a certificate + chain file. handle_sni: SNI handler, should take a connection object. Server name can be retrieved like this: @@ -594,7 +595,10 @@ class BaseHandler(_Connection): context = self._create_ssl_context(**sslctx_kwargs) context.use_privatekey(key) - context.use_certificate(cert.x509) + if isinstance(cert, certutils.SSLCert): + context.use_certificate(cert.x509) + else: + context.use_certificate_chain_file(cert) if handle_sni: # SNI callback happens during do_handshake() diff --git a/test/tservers.py b/test/tservers.py index 899b51bd4..5c1ea08bf 100644 --- a/test/tservers.py +++ b/test/tservers.py @@ -72,10 +72,9 @@ class TServer(tcp.TCPServer): h = self.handler_klass(request, client_address, self) self.last_handler = h if self.ssl is not None: - raw_cert = self.ssl.get( + cert = self.ssl.get( "cert", tutils.test_data.path("data/server.crt")) - cert = certutils.SSLCert.from_pem(open(raw_cert, "rb").read()) raw_key = self.ssl.get( "key", tutils.test_data.path("data/server.key"))