Collect SSL options into an SSLOptions object
Also split SSL cert specifications from SSL service mode - we can now enter SSL service mode through a proxy CONNECT request as well.
parent
3886ccae93
commit
1e932e7045
|
@ -8,6 +8,13 @@ logger = logging.getLogger('pathod')
|
|||
class PathodError(Exception): pass
|
||||
|
||||
|
||||
class SSLOptions:
|
||||
def __init__(self, certfile=None, keyfile=None, not_after_connect=None):
|
||||
self.keyfile = keyfile or utils.data.path("resources/server.key")
|
||||
self.certfile = certfile or utils.data.path("resources/server.crt")
|
||||
self.not_after_connect = not_after_connect
|
||||
|
||||
|
||||
class PathodHandler(tcp.BaseHandler):
|
||||
wbufsize = 0
|
||||
sni = None
|
||||
|
@ -144,11 +151,11 @@ class PathodHandler(tcp.BaseHandler):
|
|||
self.info("\n".join(s))
|
||||
|
||||
def handle(self):
|
||||
if self.server.ssloptions and not self.server.ssloptions["ssl_after_connect"]:
|
||||
if self.server.ssl:
|
||||
try:
|
||||
self.convert_to_ssl(
|
||||
self.server.ssloptions["certfile"],
|
||||
self.server.ssloptions["keyfile"],
|
||||
self.server.ssloptions.certfile,
|
||||
self.server.ssloptions.keyfile,
|
||||
)
|
||||
except tcp.NetLibError, v:
|
||||
s = str(v)
|
||||
|
@ -182,7 +189,7 @@ class PathodHandler(tcp.BaseHandler):
|
|||
class Pathod(tcp.TCPServer):
|
||||
LOGBUF = 500
|
||||
def __init__( self,
|
||||
addr, ssloptions=None, craftanchor="/p/", staticdir=None, anchors=None,
|
||||
addr, ssl=False, ssloptions=None, craftanchor="/p/", staticdir=None, anchors=None,
|
||||
sizelimit=None, noweb=False, nocraft=False, noapi=False, nohang=False,
|
||||
timeout=None, logreq=False, logresp=False, explain=False, hexdump=False
|
||||
):
|
||||
|
@ -199,7 +206,8 @@ class Pathod(tcp.TCPServer):
|
|||
nohang: Disable pauses.
|
||||
"""
|
||||
tcp.TCPServer.__init__(self, addr)
|
||||
self.ssloptions = ssloptions
|
||||
self.ssl = ssl
|
||||
self.ssloptions = ssloptions or SSLOptions()
|
||||
self.staticdir = staticdir
|
||||
self.craftanchor = craftanchor
|
||||
self.sizelimit = sizelimit
|
||||
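Review bot: `SSLOptions.__init__` falls back to the bundled `resources/server.key` and `resources/server.crt` independently, so a caller that supplies only `certfile` ends up pairing its own certificate with the packaged key, and the mismatch presumably surfaces only when `convert_to_ssl` runs in `handle()`. The both-or-neither check lives in the command-line `main()`, not in this class, so library callers such as the test daemon are not covered by it. I would reject the half-specified case in the constructor, e.g. `if bool(certfile) != bool(keyfile): raise PathodError("certfile and keyfile must be specified together")`. A short class comment saying that the defaults are the key pair shipped with the package, and so only suitable for test traffic, would also help; `not_after_connect` is stored but not read in the visible hunks, so its effect presumably lives elsewhere in the file.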
|
|
|
@ -71,17 +71,9 @@ class _PaThread(threading.Thread):
|
|||
self.daemonargs = daemonargs
|
||||
|
||||
def run(self):
|
||||
if self.ssl is True:
|
||||
ssloptions = dict(
|
||||
keyfile = utils.data.path("resources/server.key"),
|
||||
certfile = utils.data.path("resources/server.crt"),
|
||||
ssl_after_connect = False
|
||||
)
|
||||
else:
|
||||
ssloptions = self.ssl
|
||||
self.server = pathod.Pathod(
|
||||
(self.iface, 0),
|
||||
ssloptions = ssloptions,
|
||||
ssl = self.ssl,
|
||||
**self.daemonargs
|
||||
)
|
||||
self.q.put(self.server.port)
|
||||
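Review bot: `run()` now forwards `self.ssl` straight into the `ssl` flag, so a caller that still passes a dict of certificate options (the removed `else: ssloptions = self.ssl` branch accepted that) gets a truthy flag and, as far as this hunk shows, the default key pair instead of its own. If custom certificates are now meant to arrive through `daemonargs`, say so next to the call, e.g. `# ssl is an on/off flag; custom cert/key go in daemonargs["ssloptions"]`. The thread's constructor is outside the hunk, so whether it documents or validates `ssl` cannot be checked from here.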
|
|
18
pathod
18
pathod
|
@ -35,14 +35,11 @@ def main(parser, args):
|
|||
if any(sl) and not all(sl):
|
||||
parser.error("Both --certfile and --keyfile must be specified.")
|
||||
|
||||
if args.ssl:
|
||||
ssloptions = dict(
|
||||
keyfile = args.ssl_keyfile or utils.data.path("resources/server.key"),
|
||||
certfile = args.ssl_certfile or utils.data.path("resources/server.crt"),
|
||||
ssl_after_connect = args.ssl_after_connect
|
||||
ssloptions = pathod.SSLOptions(
|
||||
keyfile = args.ssl_keyfile,
|
||||
certfile = args.ssl_certfile,
|
||||
not_after_connect = args.ssl_not_after_connect
|
||||
)
|
||||
else:
|
||||
ssloptions = None
|
||||
|
||||
alst = []
|
||||
for i in args.anchors:
|
||||
|
@ -82,6 +79,7 @@ def main(parser, args):
|
|||
pd = pathod.Pathod(
|
||||
(args.address, args.port),
|
||||
craftanchor = args.craftanchor,
|
||||
ssl = args.ssl,
|
||||
ssloptions = ssloptions,
|
||||
staticdir = args.staticdir,
|
||||
anchors = alst,
|
||||
|
@ -158,12 +156,12 @@ if __name__ == "__main__":
|
|||
'SSL',
|
||||
)
|
||||
group.add_argument(
|
||||
"-C", dest='ssl_after_connect', default=False, action="store_true",
|
||||
help='Expect SSL after a CONNECT request.'
|
||||
"-C", dest='ssl_not_after_connect', default=False, action="store_true",
|
||||
help="Don't expect SSL after a CONNECT request."
|
||||
)
|
||||
group.add_argument(
|
||||
"-s", dest='ssl', default=False, action="store_true",
|
||||
help='Serve with SSL.'
|
||||
help='Run in HTTPS mode.'
|
||||
)
|
||||
group.add_argument(
|
||||
"--keyfile", dest='ssl_keyfile', default=None, type=str,
|
||||
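Review bot: The `-C` switch keeps its letter but flips its meaning: it used to turn SSL-after-CONNECT on and now sets `ssl_not_after_connect`, so an existing command line that passes `-C` silently gets the opposite behaviour, and SSL after a CONNECT appears to become the default. Nothing in the help text signals this, so I would at least spell it out, e.g. `help="Don't expect SSL after a CONNECT request (SSL after CONNECT is now the default)."`. In `main()` the `SSLOptions` object is now built even when `-s` is absent, which looks intended given the new `ssl` argument, but a one-line comment there would make that explicit.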
|
|