crabapples
/
websockify
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add option for cert key password

This commit is contained in:
Tommy Brunn 2019-03-02 17:21:28 +01:00 committed by Giuseppe Corbelli
parent 5bde6cea4d
commit f5dbb83fec
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tests/test_websockifyserver.py
View File

@ -271,7 +271,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
def __init__(self, purpose): def __init__(self, purpose):
self.verify_mode = None self.verify_mode = None
self.options = 0 self.options = 0
def load_cert_chain(self, certfile, keyfile): def load_cert_chain(self, certfile, keyfile, password):
pass pass
def set_default_verify_paths(self): def set_default_verify_paths(self):
pass pass
@ -310,7 +310,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
def __init__(self, purpose): def __init__(self, purpose):
self.verify_mode = None self.verify_mode = None
self.options = 0 self.options = 0
def load_cert_chain(self, certfile, keyfile): def load_cert_chain(self, certfile, keyfile, password):
pass pass
def set_default_verify_paths(self): def set_default_verify_paths(self):
pass pass
@ -351,7 +351,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
def __init__(self, purpose): def __init__(self, purpose):
self.verify_mode = None self.verify_mode = None
self._options = 0 self._options = 0
def load_cert_chain(self, certfile, keyfile): def load_cert_chain(self, certfile, keyfile, password):
pass pass
def set_default_verify_paths(self): def set_default_verify_paths(self):
pass pass

2
websockify/websocketproxy.py
View File

@ -478,6 +478,8 @@ def websockify_init():
help="SSL certificate file") help="SSL certificate file")
parser.add_option("--key", default=None, parser.add_option("--key", default=None,
help="SSL key file (if separate from cert)") help="SSL key file (if separate from cert)")
parser.add_option("--password", default=None,
help="SSL key password")
parser.add_option("--ssl-only", action="store_true", parser.add_option("--ssl-only", action="store_true",
help="disallow non-encrypted client connections") help="disallow non-encrypted client connections")
parser.add_option("--ssl-target", action="store_true", parser.add_option("--ssl-target", action="store_true",

5
websockify/websockifyserver.py
View File

@ -340,7 +340,7 @@ class WebSockifyServer(object):
def __init__(self, RequestHandlerClass, listen_fd=None, def __init__(self, RequestHandlerClass, listen_fd=None,
listen_host='', listen_port=None, source_is_ipv6=False, listen_host='', listen_port=None, source_is_ipv6=False,
verbose=False, cert='', key='', ssl_only=None, verbose=False, cert='', key='', password=None, ssl_only=None,
verify_client=False, cafile=None, verify_client=False, cafile=None,
daemon=False, record='', web='', web_auth=False, daemon=False, record='', web='', web_auth=False,
file_only=False, file_only=False,
@ -380,6 +380,7 @@ class WebSockifyServer(object):
# keyfile path must be None if not specified # keyfile path must be None if not specified
self.key = None self.key = None
self.password = password
# Make paths settings absolute # Make paths settings absolute
self.cert = os.path.abspath(cert) self.cert = os.path.abspath(cert)
@ -577,7 +578,7 @@ class WebSockifyServer(object):
if self.ssl_ciphers is not None: if self.ssl_ciphers is not None:
context.set_ciphers(self.ssl_ciphers) context.set_ciphers(self.ssl_ciphers)
context.options = self.ssl_options context.options = self.ssl_options
context.load_cert_chain(certfile=self.cert, keyfile=self.key) context.load_cert_chain(certfile=self.cert, keyfile=self.key, password=self.password)
if self.verify_client: if self.verify_client:
context.verify_mode = ssl.CERT_REQUIRED context.verify_mode = ssl.CERT_REQUIRED
if self.cafile: if self.cafile: