#!/usr/bin/env python
#-*- coding:utf-8 -*-
from bottle import Bottle, run, request, server_names, ServerAdapter, route, template, static_file, redirect, abort
from sslwsgiserver import CherryPyWSGIServerSSL
# TLS material handed to CherryPyWSGIServerSSL by MySSLCherryPy.run().
# All three are relative paths, so they resolve against the working directory
# the process is started from.
CERTFILE = 'certnew.cer'      # passed as ssl_certificate
# Passed as ssl_private_key. Keep this file readable only by the account that
# runs the service.
PRIVKEYFILE = 'privkey.pem'
CAFILE = 'allcas.pem'         # passed as ssl_ca_certificate
# Custom bottle server adapter, derived from ServerAdapter.
# It is almost the same as bottle's stock CherryPyServer adapter, but starts
# the TLS-capable CherryPyWSGIServerSSL instead.
class MySSLCherryPy(ServerAdapter):
    """Bottle adapter that serves the application through CherryPyWSGIServerSSL."""

    def run(self, handler):
        """Build the SSL WSGI server for ``handler`` and run it until it stops.

        The certificate, private key and CA bundle come from the module-level
        CERTFILE, PRIVKEYFILE and CAFILE constants. The server is always
        stopped on the way out, even if ``start()`` raises.
        """

        def _verify_cb(*x):
            # SSL verification callback.
            # NOTE(review): this returns True on every call and ignores its
            # arguments, so any verdict the TLS layer reached against CAFILE
            # is not consulted here. If sslwsgiserver treats the return value
            # as the final decision (as pyOpenSSL-style verify callbacks do --
            # confirm against sslwsgiserver), every presented client
            # certificate is accepted, including ones that do not chain to
            # CAFILE. Return the library's own pre-verification result instead
            # before relying on the peer certificate for authentication.
            return True

        # NOTE(review): ssl_fail_no_peer_cert=False presumably lets clients
        # connect without a certificate -- the /cert/ handler in this file has
        # a branch for that case. Confirm, and require a certificate if routes
        # are meant to be client-authenticated.
        tls_options = dict(
            ssl_certificate=CERTFILE,
            ssl_private_key=PRIVKEYFILE,
            ssl_ca_certificate=CAFILE,
            ssl_verification_cb=_verify_cb,
            ssl_verify_peer=True,
            ssl_fail_no_peer_cert=False,
        )
        server = CherryPyWSGIServerSSL((self.host, self.port), handler, **tls_options)

        # The same values are also set as attributes after construction. Note
        # that the callback attribute is named differently from the keyword.
        server.ssl_certificate = CERTFILE
        server.ssl_private_key = PRIVKEYFILE
        server.ssl_ca_certificate = CAFILE
        server.certificate_verify_cb = _verify_cb

        try:
            server.start()
        finally:
            server.stop()
# Register the adapter in bottle's server_names table under the key
# 'mysslcherrypy', so that run(..., server='mysslcherrypy') below resolves to
# MySSLCherryPy.
server_names['mysslcherrypy'] = MySSLCherryPy
# Application object whose routes are served by the SSL-enabled adapter
app = Bottle()
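@app.route('/cert/')
def cert():
    """Print the subject of the client certificate, if the peer presented one.

    Returns the same fixed test string in both cases.

    NOTE(review): the subject components are only printed. No access decision
    is made here, and the server in this file is built with
    ssl_fail_no_peer_cert=False, so requests without a certificate also reach
    this handler. Treat the route as a diagnostic, not as an authentication
    check.
    """
    # .get() avoids a KeyError (and a 500 response) when the WSGI environ has
    # no peer-certificate entry, e.g. when the app runs under another adapter.
    peer_cert = request.environ.get('wsgi.ssl_peer_certificate')
    if peer_cert is not None:
        user_cert = peer_cert.get_subject().get_components()
        # A single parenthesised argument prints the same on Python 2 and 3.
        print(user_cert)
    else:
        print('peer didn\'t provide certificate')
    return 'Testing string'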
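# Start the app on every interface, port 443, using the adapter registered
# above under 'mysslcherrypy'.
# debug is off because bottle's debug mode adds exception details and
# tracebacks to error pages, and this listener is reachable from any client
# that can connect to the host. Switch it back on only for local testing,
# preferably bound to 127.0.0.1.
run(app, host='0.0.0.0', port=443, server='mysslcherrypy', debug=False)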