Add support for SSL back

This commit is contained in:
Guillaume Ayoub 2011-05-01 15:25:52 +02:00
parent 2fd6efae14
commit 6389411edd
2 changed files with 51 additions and 2 deletions

View File

@ -96,12 +96,14 @@ radicale.log.LOGGER.info("Starting Radicale")
# Create calendar servers # Create calendar servers
servers = [] servers = []
server_class = radicale.HTTPSServer if options.ssl else radicale.HTTPServer
shutdown_program = threading.Event() shutdown_program = threading.Event()
for host in options.hosts.split(','): for host in options.hosts.split(','):
address, port = host.strip().rsplit(':', 1) address, port = host.strip().rsplit(':', 1)
address, port = address.strip('[] '), int(port) address, port = address.strip('[] '), int(port)
servers.append(make_server(address, port, radicale.Application())) servers.append(
make_server(address, port, radicale.Application(), server_class))
# SIGTERM and SIGINT (aka KeyboardInterrupt) should just mark this for shutdown # SIGTERM and SIGINT (aka KeyboardInterrupt) should just mark this for shutdown
signal.signal(signal.SIGTERM, lambda *_: shutdown_program.set()) signal.signal(signal.SIGTERM, lambda *_: shutdown_program.set())
@ -117,9 +119,11 @@ def serve_forever(server):
# Start the servers in a different loop to avoid possible race-conditions, when # Start the servers in a different loop to avoid possible race-conditions, when
# a server exists but another server is added to the list at the same time # a server exists but another server is added to the list at the same time
for server in servers: for server in servers:
threading.Thread(target=serve_forever, args=(server,)).start()
radicale.log.LOGGER.debug( radicale.log.LOGGER.debug(
"Listening to %s port %s" % (server.server_name, server.server_port)) "Listening to %s port %s" % (server.server_name, server.server_port))
if options.ssl:
radicale.log.LOGGER.debug("Using SSL")
threading.Thread(target=serve_forever, args=(server,)).start()
radicale.log.LOGGER.debug("Radicale server ready") radicale.log.LOGGER.debug("Radicale server ready")

View File

@ -31,6 +31,8 @@ should have been included in this package.
import os import os
import posixpath import posixpath
import base64 import base64
import socket
import wsgiref.simple_server
# Manage Python2/3 different modules # Manage Python2/3 different modules
# pylint: disable=F0401 # pylint: disable=F0401
try: try:
@ -46,6 +48,49 @@ from radicale import acl, config, ical, log, xmlutils
VERSION = "git" VERSION = "git"
class HTTPServer(wsgiref.simple_server.WSGIServer):
"""HTTP server."""
def __init__(self, address, handler, bind_and_activate=True):
"""Create server."""
ipv6 = ":" in address[0]
if ipv6:
self.address_family = socket.AF_INET6
# Do not bind and activate, as we might change socketopts
wsgiref.simple_server.WSGIServer.__init__(self, address, handler, False)
if ipv6:
# Only allow IPv6 connections to the IPv6 socket
self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
if bind_and_activate:
self.server_bind()
self.server_activate()
class HTTPSServer(HTTPServer):
"""HTTPS server."""
def __init__(self, address, handler, bind_and_activate=True):
"""Create server by wrapping HTTP socket in an SSL socket."""
# Fails with Python 2.5, import if needed
# pylint: disable=F0401
import ssl
# pylint: enable=F0401
HTTPServer.__init__(self, address, handler, False)
self.socket = ssl.wrap_socket(
self.socket,
server_side=True,
certfile=config.get("server", "certificate"),
keyfile=config.get("server", "key"),
ssl_version=ssl.PROTOCOL_SSLv23)
if bind_and_activate:
self.server_bind()
self.server_activate()
class Application(object): class Application(object):
"""WSGI application managing calendars.""" """WSGI application managing calendars."""
def __init__(self): def __init__(self):