[CalendarServer-changes] [15216] twext/trunk/twext/internet/ssl.py

source_changes at macosforge.org source_changes at macosforge.org
Fri Oct 23 12:26:11 PDT 2015 

Revision: 15216
          http://trac.calendarserver.org//changeset/15216
Author:   cdaboo at apple.com
Date:     2015-10-23 12:26:11 -0700 (Fri, 23 Oct 2015)
Log Message:
-----------
Support for SecureTransport version of OpenSSL module.

Modified Paths:
--------------
    twext/trunk/twext/internet/ssl.py

Modified: twext/trunk/twext/internet/ssl.py
===================================================================
--- twext/trunk/twext/internet/ssl.py	2015-10-23 16:25:25 UTC (rev 15215)
+++ twext/trunk/twext/internet/ssl.py	2015-10-23 19:26:11 UTC (rev 15216)
@@ -37,13 +37,15 @@
 class ChainingOpenSSLContextFactory (DefaultOpenSSLContextFactory):
     def __init__(
         self, privateKeyFileName, certificateFileName,
-        sslmethod=SSLv23_METHOD, certificateChainFile=None,
+        sslmethod=SSLv23_METHOD,
+        certificateChainFile=None, keychainIdentity=None,
         passwdCallback=None, ciphers=None,
         verifyClient=False, requireClientCertificate=False,
         verifyClientOnce=True, verifyClientDepth=9,
         clientCACertFileNames=[], sendCAsToClient=True
     ):
         self.certificateChainFile = certificateChainFile
+        self.keychainIdentity = keychainIdentity
         self.passwdCallback = passwdCallback
         self.ciphers = ciphers
 
@@ -78,11 +80,14 @@
         if self.passwdCallback is not None:
             ctx.set_passwd_cb(self.passwdCallback)
 
-        ctx.use_certificate_file(self.certificateFileName)
-        ctx.use_privatekey_file(self.privateKeyFileName)
+        if self.keychainIdentity and hasattr(ctx, "use_keychain_identity"):
+            ctx.use_keychain_identity(self.keychainIdentity)
+        else:
+            ctx.use_certificate_file(self.certificateFileName)
+            ctx.use_privatekey_file(self.privateKeyFileName)
 
-        if self.certificateChainFile != "":
-            ctx.use_certificate_chain_file(self.certificateChainFile)
+            if self.certificateChainFile != "":
+                ctx.use_certificate_chain_file(self.certificateChainFile)
 
         verifyFlags = VERIFY_NONE
         if self.verifyClient:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20151023/81a38123/attachment.html>

More information about the calendarserver-changes mailing list