[CalendarServer-changes] [2544] CalendarServer/trunk/twistedcaldav/tap.py

source_changes at macosforge.org source_changes at macosforge.org
Thu Jun 5 16:31:23 PDT 2008


Revision: 2544
          http://trac.macosforge.org/projects/calendarserver/changeset/2544
Author:   wsanchez at apple.com
Date:     2008-06-05 16:31:23 -0700 (Thu, 05 Jun 2008)

Log Message:
-----------
Don't check permissions on SSL certs, just try to read them and handle the error if we can't.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/tap.py

Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py	2008-06-05 22:55:21 UTC (rev 2543)
+++ CalendarServer/trunk/twistedcaldav/tap.py	2008-06-05 23:31:23 UTC (rev 2544)
@@ -220,26 +220,6 @@
             create=(0750, config.UserName, config.GroupName,),
         )
 
-        # Verify that ssl certs exist if needed
-        if config.SSLPort:
-            try:
-                self.checkFile(
-                    config.SSLPrivateKey,
-                    "SSL Private key",
-                    access=os.R_OK,
-                    #permissions=0640,
-                )
-                self.checkFile(
-                    config.SSLCertificate,
-                    "SSL Public key",
-                    access=os.R_OK,
-                    #permissions=0644,
-                )
-            except ConfigurationError, e:
-                log.err(str(e))
-                log.err("Disabling SSL port")
-                config.SSLPort = 0
-
         #
         # Nuke the file log observer's time format.
         #
@@ -728,20 +708,24 @@
             for port in config.BindSSLPorts:
                 log.info("Adding SSL server at %s:%s" % (bindAddress, port))
 
-                contextFactory = ChainingOpenSSLContextFactory(
-                    config.SSLPrivateKey,
-                    config.SSLCertificate,
-                    certificateChainFile=config.SSLAuthorityChain,
-                    passwdCallback=_getSSLPassphrase
-                )
+                try:
+                    contextFactory = ChainingOpenSSLContextFactory(
+                        config.SSLPrivateKey,
+                        config.SSLCertificate,
+                        certificateChainFile=config.SSLAuthorityChain,
+                        passwdCallback=_getSSLPassphrase
+                    )
+                except SSL.Error, e:
+                    log.error("Unable to set up SSL context factory: %s" % (e,))
+                    log.error("Disabling SSL port: %s" % (port,))
+                else:
+                    httpsService = internet.SSLServer(
+                        int(port), channel,
+                        contextFactory, interface=bindAddress,
+                        backlog=config.ListenBacklog
+                    )
+                    httpsService.setServiceParent(service)
 
-                httpsService = internet.SSLServer(
-                    int(port), channel,
-                    contextFactory, interface=bindAddress,
-                    backlog=config.ListenBacklog
-                )
-                httpsService.setServiceParent(service)
-
         # Change log level back to what it was before
         setLogLevelForNamespace(None, oldLogLevel)
 
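Review bot: The `except SSL.Error` branch only logs and skips the one port, so a server whose key or certificate cannot be loaded now starts with no TLS listener for it while `config.SSLPort` keeps its configured value; the early check removed in the first hunk used to reset it to 0. If anything elsewhere builds https URLs or redirects from `config.SSLPort` (not visible in this hunk), it would point at a port nobody is listening on, and a deployment that expects TLS gets a plaintext-only service with two log lines as the only signal. The log line also does not say which file failed, so I would name the paths: `log.error("Unable to set up SSL context factory (key %s, cert %s): %s" % (config.SSLPrivateKey, config.SSLCertificate, e))`. Whether a missing or unreadable file surfaces as `SSL.Error` rather than `IOError` depends on `ChainingOpenSSLContextFactory`, which is outside this hunk, as is the start of the enclosing method.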
