On Oct 7, 2014, at 3:21 PM, Carl D'Halluin <[email protected]> wrote:

> 
>> Another problem is that Twisted doesn't yet support SSL on adopted sockets.
> 
> I did this by hand:
> 
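> # Suppose you create/bind/listen your listen_socket, and
> # its file descriptor is listen_socket_fd
> import os
> import socket
> from twisted.internet import reactor, tcp
> from twisted.internet.ssl import DefaultOpenSSLContextFactory
> from twisted.protocols import tls
> from twisted.web import server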
> 
> 
> site = server.Site(MyHttpsSite())
> 
> cert = '/path/to/my/cert'
> key = '/path/to/my/key'
> 
> ctx = DefaultOpenSSLContextFactory(key, cert)
> tlsFactory = tls.TLSMemoryBIOFactory(ctx, False, site)
> p = tcp.Port._fromListeningDescriptor(reactor,
>                                             listen_socket_fd,
>                                             socket.AF_INET,
>                                             tlsFactory)
> p._type = 'TLS'
> p.startListening()
> 
> os.close(listen_socket_fd)
> reactor.run()

There is work underway for addressing this particular use-case (endpoint 
composition) via string endpoints:

<https://twistedmatrix.com/trac/ticket/5642>

But even today you don't have to touch unsupported private APIs to do this.

As per <https://twistedmatrix.com/trac/wiki/CompatibilityPolicy> we really like 
to discourage people from touching private (i.e. underscore-prefixed or 
imported-from-another-module) API, because it may well break in the next 
release and you'll have no recourse.

(Plus, you should really be using CertificateOptions, not 
DefaultOpenSSLContextFactory, either via PrivateCertificate(...).options() or 
directly constructed.)

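import os
import socket

from twisted.internet import reactor
from twisted.internet.ssl import PrivateCertificate
from twisted.protocols import tls
from twisted.python.filepath import FilePath
from twisted.web import server

# MyHttpsSite and listen_socket_fd are the same as in the quoted code above.
site = server.Site(MyHttpsSite())

cert = FilePath('/path/to/my/cert').getContent()
key = FilePath('/path/to/my/key').getContent()

# Load the certificate and its private key from the concatenated PEM data.
certificateWithKey = PrivateCertificate.loadPEM(b"\n".join([cert, key]))

# False means this is the server side of the TLS connection.
tlsFactory = tls.TLSMemoryBIOFactory(certificateWithKey.options(), False, site)

# Public API for adopting an already-listening socket.
reactor.adoptStreamPort(listen_socket_fd, socket.AF_INET, tlsFactory)
# The application still owns the original descriptor and closes it itself.
os.close(listen_socket_fd)
reactor.run()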

This code hasn't been tested, but no underscores should be necessary!

-glyph

_______________________________________________
Twisted-web mailing list
[email protected]
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web