[CalendarServer-changes] [2544] CalendarServer/trunk/twistedcaldav/tap.py
source_changes at macosforge.org
source_changes at macosforge.org
Thu Jun 5 16:31:23 PDT 2008
Revision: 2544
http://trac.macosforge.org/projects/calendarserver/changeset/2544
Author: wsanchez at apple.com
Date: 2008-06-05 16:31:23 -0700 (Thu, 05 Jun 2008)
Log Message:
-----------
Don't check permissions on SSL certs, just try to read them and handle the error if we can't.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/tap.py
Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py 2008-06-05 22:55:21 UTC (rev 2543)
+++ CalendarServer/trunk/twistedcaldav/tap.py 2008-06-05 23:31:23 UTC (rev 2544)
@@ -220,26 +220,6 @@
create=(0750, config.UserName, config.GroupName,),
)
- # Verify that ssl certs exist if needed
- if config.SSLPort:
- try:
- self.checkFile(
- config.SSLPrivateKey,
- "SSL Private key",
- access=os.R_OK,
- #permissions=0640,
- )
- self.checkFile(
- config.SSLCertificate,
- "SSL Public key",
- access=os.R_OK,
- #permissions=0644,
- )
- except ConfigurationError, e:
- log.err(str(e))
- log.err("Disabling SSL port")
- config.SSLPort = 0
-
#
# Nuke the file log observer's time format.
#
@@ -728,20 +708,24 @@
for port in config.BindSSLPorts:
log.info("Adding SSL server at %s:%s" % (bindAddress, port))
- contextFactory = ChainingOpenSSLContextFactory(
- config.SSLPrivateKey,
- config.SSLCertificate,
- certificateChainFile=config.SSLAuthorityChain,
- passwdCallback=_getSSLPassphrase
- )
+ try:
+ contextFactory = ChainingOpenSSLContextFactory(
+ config.SSLPrivateKey,
+ config.SSLCertificate,
+ certificateChainFile=config.SSLAuthorityChain,
+ passwdCallback=_getSSLPassphrase
+ )
+ except SSL.Error, e:
+ log.error("Unable to set up SSL context factory: %s" % (e,))
+ log.error("Disabling SSL port: %s" % (port,))
+ else:
+ httpsService = internet.SSLServer(
+ int(port), channel,
+ contextFactory, interface=bindAddress,
+ backlog=config.ListenBacklog
+ )
+ httpsService.setServiceParent(service)
- httpsService = internet.SSLServer(
- int(port), channel,
- contextFactory, interface=bindAddress,
- backlog=config.ListenBacklog
- )
- httpsService.setServiceParent(service)
-
# Change log level back to what it was before
setLogLevelForNamespace(None, oldLogLevel)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20080605/872a6b6c/attachment.htm
More information about the calendarserver-changes
mailing list