[CalendarServer-changes] [1701] CalendarServer/trunk/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Fri Jul 20 15:48:59 PDT 2007
Revision: 1701
http://trac.macosforge.org/projects/calendarserver/changeset/1701
Author: dreid at apple.com
Date: 2007-07-20 15:48:59 -0700 (Fri, 20 Jul 2007)
Log Message:
-----------
Fix rdar://5319991 by using a new OpenSSLContextFactory that calls use_certificate_chain_file on the context.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/config.py
CalendarServer/trunk/twistedcaldav/tap.py
Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py 2007-07-20 21:20:04 UTC (rev 1700)
+++ CalendarServer/trunk/twistedcaldav/config.py 2007-07-20 22:48:59 UTC (rev 1701)
@@ -117,6 +117,7 @@
#
"SSLCertificate": "/etc/certificates/Default.crt", # Public key
"SSLPrivateKey": "/etc/certificates/Default.key", # Private key
+ "SSLAuthorityChain": "", # Certificate Authority Chain
#
# Process management
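Review bot: The comment on the new `SSLAuthorityChain` key does not say what the file must contain. tap.py hands this path to `use_certificate_chain_file`, which in OpenSSL expects a PEM file that begins with the server's own certificate and is followed by the intermediate CA certificates. A file holding only CA certificates would install the first CA certificate as the server certificate, which would then no longer match `SSLPrivateKey`. I would spell that out in the comment, e.g. `# PEM chain: server certificate first, then intermediate CAs; "" disables`. The settings dictionary starts and ends outside this hunk.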
Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py 2007-07-20 21:20:04 UTC (rev 1700)
+++ CalendarServer/trunk/twistedcaldav/tap.py 2007-07-20 22:48:59 UTC (rev 1701)
@@ -304,7 +304,26 @@
raiseOrPrint("The group of %s directory %s is unknown (%s) and does not match the expected group: %s"
% (description, path, pathstat[stat.ST_GID], gname))
+from OpenSSL import SSL
+from twisted.internet.ssl import DefaultOpenSSLContextFactory
+class ChainingOpenSSLContextFactory(DefaultOpenSSLContextFactory):
+ def __init__(self, privateKeyFileName, certificateFileName,
+ sslmethod=SSL.SSLv23_METHOD, certificateChainFile=None):
+ self.certificateChainFile = certificateChainFile
+
+ DefaultOpenSSLContextFactory.__init__(self,
+ privateKeyFileName,
+ certificateFileName,
+ sslmethod=sslmethod)
+
+ def cacheContext(self):
+ DefaultOpenSSLContextFactory.cacheContext(self)
+
+ if self.certificateChainFile != '':
+ self._context.use_certificate_chain_file(self.certificateChainFile)
+
+
class CalDAVServiceMaker(object):
implements(IPlugin, service.IServiceMaker)
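Review bot: `cacheContext` tests `self.certificateChainFile != ''`, but the constructor default is `None`, so a caller that omits the argument reaches `use_certificate_chain_file(None)`. Writing `if self.certificateChainFile:` covers both the `None` default and the empty string that config.py supplies. Setting the attribute before `DefaultOpenSSLContextFactory.__init__` looks deliberate, presumably because the base constructor calls `cacheContext()`; a short comment such as `# must be set before the base __init__, which builds the context` would keep it from being reordered. Because the chain file replaces the certificate the base class already loaded, adding `self._context.check_privatekey()` after the chain load would surface a key/certificate mismatch when the factory is built. `CalDAVServiceMaker` continues outside the hunk.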
@@ -531,9 +550,6 @@
elif config.SSLPort != 0:
config.BindSSLPorts = [config.SSLPort]
- if config.BindSSLPorts:
- from twisted.internet.ssl import DefaultOpenSSLContextFactory
-
for port in config.BindHTTPPorts:
log.msg("Adding server at %s:%s" % (bindAddress, port))
@@ -543,7 +559,7 @@
for port in config.BindSSLPorts:
log.msg("Adding SSL server at %s:%s" % (bindAddress, port))
- contextFactory = DefaultOpenSSLContextFactory(config.SSLPrivateKey, config.SSLCertificate)
+ contextFactory = ChainingOpenSSLContextFactory(config.SSLPrivateKey, config.SSLCertificate, certificateChainFile=config.SSLAuthorityChain)
httpsService = internet.SSLServer(int(port), channel, contextFactory, interface=bindAddress)
httpsService.setServiceParent(service)