[CalendarServer-changes] [2058]
CalendarServer/branches/getsslpassphrase/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Mon Dec 10 13:44:02 PST 2007
Revision: 2058
http://trac.macosforge.org/projects/calendarserver/changeset/2058
Author: dreid at apple.com
Date: 2007-12-10 13:44:01 -0800 (Mon, 10 Dec 2007)
Log Message:
-----------
First pass at a contextFactory that supports passwd callbacks, with a passwd callback that lets us call getsslpassphrase.
Modified Paths:
--------------
CalendarServer/branches/getsslpassphrase/twistedcaldav/config.py
CalendarServer/branches/getsslpassphrase/twistedcaldav/tap.py
Modified: CalendarServer/branches/getsslpassphrase/twistedcaldav/config.py
===================================================================
--- CalendarServer/branches/getsslpassphrase/twistedcaldav/config.py 2007-12-10 21:06:08 UTC (rev 2057)
+++ CalendarServer/branches/getsslpassphrase/twistedcaldav/config.py 2007-12-10 21:44:01 UTC (rev 2058)
@@ -118,6 +118,7 @@
"SSLCertificate": "/etc/certificates/Default.crt", # Public key
"SSLPrivateKey": "/etc/certificates/Default.key", # Private key
"SSLAuthorityChain": "", # Certificate Authority Chain
+ "SSLPassPhraseDialog": "/etc/apache2/getsslpassphrase",
#
# Process management
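Review bot: The new `SSLPassPhraseDialog` entry is the only one in this group without a trailing comment, and unlike its neighbours it names a program that the server executes (see the tap.py change in this commit) rather than a file that is read. A comment such as `# Program run to obtain the private key passphrase` would make that clear to whoever edits the config, since such a path should be writable only by an administrator. The default points into `/etc/apache2`, so hosts without that helper depend entirely on how the callback handles a failed run. The surrounding defaults dictionary starts and ends outside the hunk.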
Modified: CalendarServer/branches/getsslpassphrase/twistedcaldav/tap.py
===================================================================
--- CalendarServer/branches/getsslpassphrase/twistedcaldav/tap.py 2007-12-10 21:06:08 UTC (rev 2057)
+++ CalendarServer/branches/getsslpassphrase/twistedcaldav/tap.py 2007-12-10 21:44:01 UTC (rev 2058)
@@ -311,10 +311,19 @@
from OpenSSL import SSL
from twisted.internet.ssl import DefaultOpenSSLContextFactory
+def _getSSLPassphrase(*args):
+ import commands
+ return commands.getoutput("%s %s:%s DSA" % (config.SSLPassPhraseDialog,
+ config.ServerHostName,
+ config.SSLPort))
+
+
class ChainingOpenSSLContextFactory(DefaultOpenSSLContextFactory):
def __init__(self, privateKeyFileName, certificateFileName,
- sslmethod=SSL.SSLv23_METHOD, certificateChainFile=None):
+ sslmethod=SSL.SSLv23_METHOD, certificateChainFile=None,
+ passwdCallback=None):
self.certificateChainFile = certificateChainFile
+ self.passwdCallback = passwdCallback
DefaultOpenSSLContextFactory.__init__(self,
privateKeyFileName,
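Review bot: `_getSSLPassphrase` returns whatever `commands.getoutput` prints, and that call goes through a shell, folds stderr into the result and discards the exit status. If the helper at `config.SSLPassPhraseDialog` is missing or fails, its error text is handed to OpenSSL as the passphrase and the key load fails with a misleading error; the three config values are also interpolated into the shell string unquoted. Running the helper with an argument list via `subprocess`, reading only stdout and checking the return code avoids both problems. The key type is hard-coded as `DSA`, which should be confirmed against the key in `SSLPrivateKey`. `ChainingOpenSSLContextFactory.__init__` continues past the end of the hunk.

```python
def _getSSLPassphrase(*args):
    import subprocess
    child = subprocess.Popen(
        [config.SSLPassPhraseDialog,
         "%s:%s" % (config.ServerHostName, config.SSLPort),
         "DSA"],
        stdout=subprocess.PIPE)
    output, _ignored = child.communicate()
    if child.returncode != 0:
        raise RuntimeError("%s exited with status %d"
                           % (config.SSLPassPhraseDialog, child.returncode))
    # commands.getoutput() dropped the trailing newline; keep doing so.
    return output.rstrip("\n")
# … unchanged: ChainingOpenSSLContextFactory.__init__ signature and attribute setup …
```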
@@ -322,12 +331,21 @@
sslmethod=sslmethod)
def cacheContext(self):
- DefaultOpenSSLContextFactory.cacheContext(self)
+ # Unfortunate code duplication.
+ ctx = SSL.Context(self.sslmethod)
+ if self.passwdCallback is not None:
+ ctx.set_passwd_cb(self.passwdCallback)
+
+ ctx.use_certificate_file(self.certificateFileName)
+ ctx.use_privatekey_file(self.privateKeyFileName)
+
if self.certificateChainFile != '':
- self._context.use_certificate_chain_file(self.certificateChainFile)
+ ctx.use_certificate_chain_file(self.certificateChainFile)
+ self._context = ctx
+
class CalDAVServiceMaker(object):
implements(IPlugin, service.IServiceMaker)
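Review bot: `cacheContext` passes `self.certificateChainFile` to `ctx.use_certificate_chain_file` whenever it is not `''`, but the constructor default is `None`, so a factory built without a chain file reaches that call with `None`; `if self.certificateChainFile:` covers both cases. Because the context is now built here rather than by the base class, this method also owns protocol selection: with the default `SSL.SSLv23_METHOD` and no `set_options` call, the protocol versions on offer are left to the library defaults, and `ctx.set_options(SSL.OP_NO_SSLv2)` would pin that down. The `# Unfortunate code duplication.` comment would help more if it said why, presumably `# Duplicates DefaultOpenSSLContextFactory.cacheContext so the passwd callback is set before the private key is loaded.`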
@@ -570,7 +588,12 @@
for port in config.BindSSLPorts:
logging.info("Adding SSL server at %s:%s" % (bindAddress, port), system="startup")
- contextFactory = ChainingOpenSSLContextFactory(config.SSLPrivateKey, config.SSLCertificate, certificateChainFile=config.SSLAuthorityChain)
+ contextFactory = ChainingOpenSSLContextFactory(
+ config.SSLPrivateKey,
+ config.SSLCertificate,
+ certificateChainFile=config.SSLAuthorityChain,
+ passwdCallback=_getSSLPassphrase)
+
httpsService = internet.SSLServer(int(port), channel, contextFactory, interface=bindAddress)
httpsService.setServiceParent(service)
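Review bot: Every factory created in this loop gets the same `_getSSLPassphrase` callback, which asks the helper about `config.SSLPort` rather than the `port` being bound here, so with several entries in `config.BindSSLPorts` the helper is presumably run once per factory with identical arguments. If that is intended, a comment above the call such as `# Same key and passphrase for every bound SSL port.` would say so; otherwise the callback needs the port passed in. The enclosing method starts and ends outside the hunk.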