[CalendarServer-changes] [1701] CalendarServer/trunk/twistedcaldav

source_changes at macosforge.org source_changes at macosforge.org
Fri Jul 20 15:48:59 PDT 2007


Revision: 1701
          http://trac.macosforge.org/projects/calendarserver/changeset/1701
Author:   dreid at apple.com
Date:     2007-07-20 15:48:59 -0700 (Fri, 20 Jul 2007)

Log Message:
-----------
Fix rdar://5319991 by using a new OpenSSLContextFactory that calls use_certificate_chain_file on the context.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/config.py
    CalendarServer/trunk/twistedcaldav/tap.py

Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py	2007-07-20 21:20:04 UTC (rev 1700)
+++ CalendarServer/trunk/twistedcaldav/config.py	2007-07-20 22:48:59 UTC (rev 1701)
@@ -117,6 +117,7 @@
     #
     "SSLCertificate": "/etc/certificates/Default.crt", # Public key
     "SSLPrivateKey": "/etc/certificates/Default.key",  # Private key
+    "SSLAuthorityChain": "",                           # Certificate Authority Chain
 
     #
     # Process management
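Review bot: The comment on the new `SSLAuthorityChain` key does not say what the file must contain, or that the empty string turns the feature off. tap.py passes this path to `use_certificate_chain_file`, and OpenSSL's chain loader expects a PEM file that starts with the server's own certificate followed by the intermediate CAs, which the name "authority chain" does not suggest. I would write the comment as `# PEM chain: server cert first, then intermediate CAs; "" = none`. The defaults dictionary this line belongs to starts and ends outside the hunk.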

Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py	2007-07-20 21:20:04 UTC (rev 1700)
+++ CalendarServer/trunk/twistedcaldav/tap.py	2007-07-20 22:48:59 UTC (rev 1701)
@@ -304,7 +304,26 @@
                 raiseOrPrint("The group of %s directory %s is unknown (%s) and does not match the expected group: %s"
                              % (description, path, pathstat[stat.ST_GID], gname))
 
+from OpenSSL import SSL
+from twisted.internet.ssl import DefaultOpenSSLContextFactory
 
+class ChainingOpenSSLContextFactory(DefaultOpenSSLContextFactory):
+    def __init__(self, privateKeyFileName, certificateFileName,
+                 sslmethod=SSL.SSLv23_METHOD, certificateChainFile=None):
+        self.certificateChainFile = certificateChainFile
+
+        DefaultOpenSSLContextFactory.__init__(self,
+                                              privateKeyFileName,
+                                              certificateFileName,
+                                              sslmethod=sslmethod)
+
+    def cacheContext(self):
+        DefaultOpenSSLContextFactory.cacheContext(self)
+
+        if self.certificateChainFile != '':
+            self._context.use_certificate_chain_file(self.certificateChainFile)
+
+
 class CalDAVServiceMaker(object):
     implements(IPlugin, service.IServiceMaker)
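Review bot: `certificateChainFile` defaults to `None` in `__init__`, but `cacheContext` skips the chain load only when the value equals `''`, so building the factory without that argument calls `use_certificate_chain_file(None)` and should raise. Changing the guard to `if self.certificateChainFile:` covers both `None` and the empty config default. The class has no docstring; a line explaining that the attribute is set before the base `__init__` because that constructor presumably calls `cacheContext` would save the next reader a lookup. The two imports are now at module level, so tap.py needs pyOpenSSL at import time even when no SSL port is configured, which the lazy import removed in the next hunk avoided.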
 
@@ -531,9 +550,6 @@
             elif config.SSLPort != 0:
                 config.BindSSLPorts = [config.SSLPort]
 
-            if config.BindSSLPorts:
-                from twisted.internet.ssl import DefaultOpenSSLContextFactory
-
             for port in config.BindHTTPPorts:
                 log.msg("Adding server at %s:%s" % (bindAddress, port))
 
@@ -543,7 +559,7 @@
             for port in config.BindSSLPorts:
                 log.msg("Adding SSL server at %s:%s" % (bindAddress, port))
 
-                contextFactory = DefaultOpenSSLContextFactory(config.SSLPrivateKey, config.SSLCertificate)
+                contextFactory = ChainingOpenSSLContextFactory(config.SSLPrivateKey, config.SSLCertificate, certificateChainFile=config.SSLAuthorityChain)
                 httpsService = internet.SSLServer(int(port), channel, contextFactory, interface=bindAddress)
                 httpsService.setServiceParent(service)
 
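Review bot: Nothing on this path confirms that `config.SSLPrivateKey` matches the certificate the context ends up serving once `config.SSLAuthorityChain` has been loaded. The chain is loaded after the key and certificate are set, and OpenSSL takes the first certificate in a chain file as the server certificate, so a wrongly ordered file would likely surface only as handshake failures at runtime. Adding `self._context.check_privatekey()` right after the `use_certificate_chain_file` call in `ChainingOpenSSLContextFactory.cacheContext` would make a mismatch fail at startup instead. The enclosing method begins outside this hunk.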
