Updating TCPServer to allow tests (and potentially other use cases) to serve

certificate chains instead of only single certificates.
2024-11-27 02:24:18 +00:00 · 2015-06-20 12:54:03 -07:00 · 2015-06-20 12:54:03 -07:00 · 7afe44ba4e
commit 7afe44ba4e
parent 2aa1b98fbf
2 changed files with 7 additions and 4 deletions
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@ -567,7 +567,8 @@ class BaseHandler(_Connection):
                           dhparams=None,
                           **sslctx_kwargs):
        """
-            cert: A certutils.SSLCert object.
+            cert: A certutils.SSLCert object or the path to a certificate
+            chain file.

            handle_sni: SNI handler, should take a connection object. Server
            name can be retrieved like this:
@ -594,7 +595,10 @@ class BaseHandler(_Connection):
        context = self._create_ssl_context(**sslctx_kwargs)

        context.use_privatekey(key)
-        context.use_certificate(cert.x509)
+        if isinstance(cert, certutils.SSLCert):
+            context.use_certificate(cert.x509)
+        else:
+            context.use_certificate_chain_file(cert)

        if handle_sni:
            # SNI callback happens during do_handshake()
--- a/test/tservers.py
+++ b/test/tservers.py
@ -72,10 +72,9 @@ class TServer(tcp.TCPServer):
        h = self.handler_klass(request, client_address, self)
        self.last_handler = h
        if self.ssl is not None:
-            raw_cert = self.ssl.get(
+            cert = self.ssl.get(
                "cert",
                tutils.test_data.path("data/server.crt"))
-            cert = certutils.SSLCert.from_pem(open(raw_cert, "rb").read())
            raw_key = self.ssl.get(
                "key",
                tutils.test_data.path("data/server.key"))