Add SSLContext to StreamServer et al

fixes #901

Add SSLContext to StreamServer et al
fixes #901
4bead9db · Arcadiy Ivanov · Jason Madden · 3ab69f26 · 4bead9db · 4bead9db
Commit 4bead9db authored Dec 08, 2016 by Arcadiy Ivanov Committed by Jason Madden Dec 08, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 5 deletions

src/gevent/server.py src/gevent/server.py +20 -5

src/greentest/test__pywsgi.py src/greentest/test__pywsgi.py +11 -0

No files found.
--- a/src/gevent/server.py
+++ b/src/gevent/server.py
@@ -20,8 +20,18 @@ class StreamServer(BaseServer):
    """A generic TCP server. Accepts connections on a listening socket and spawns user-provided *handle*
    for each connection with 2 arguments: the client socket and the client address.

-    If any of the following keyword arguments are present, then the server assumes SSL mode and uses these arguments
-    to create an SSL wrapper for the client socket before passing it to *handle*:
+    Server can assume an SSL mode via either direct client socket wrapper initialization or socket wrapping via an
+    :class:`SSLContext`.
+
+    If *ssl_context* keyword argument is present, it should contain an :class:`SSLContext`. The following keyword
+    arguments may be used SSLContext mode (subject to Python API version):
+
+    - server_hostname
+    - suppress_ragged_eofs
+    - do_handshake_on_connect
+
+    Otherwise, if any of the following keyword arguments are present, then the server assumes SSL mode and uses these
+    arguments to create an SSL wrapper for the client socket before passing it to *handle*:

    - keyfile
    - certfile
@@ -51,9 +61,14 @@ class StreamServer(BaseServer):
        try:
            if ssl_args:
                ssl_args.setdefault('server_side', True)
-                from gevent.ssl import wrap_socket
-                self.wrap_socket = wrap_socket
-                self.ssl_args = ssl_args
+                if 'ssl_context' in ssl_args:
+                    ssl_context = ssl_args.pop('ssl_context')
+                    self.wrap_socket = ssl_context.wrap_socket
+                    self.ssl_args = ssl_args
+                else:
+                    from gevent.ssl import wrap_socket
+                    self.wrap_socket = wrap_socket
+                    self.ssl_args = ssl_args
            else:
                self.ssl_args = None
            if backlog is not None:

--- a/src/greentest/test__pywsgi.py
+++ b/src/greentest/test__pywsgi.py
@@ -19,7 +19,9 @@
 # THE SOFTWARE.
 # pylint: disable=too-many-lines,unused-argument
 from __future__ import print_function
+
 from gevent import monkey
+
 monkey.patch_all(thread=False)

 try:
@@ -740,6 +742,13 @@ class HttpsTestCase(TestCase):
        return [environ['wsgi.input'].read(10)]


+class HttpsSslContextTestCase(HttpsTestCase):
+    def init_server(self, application):
+        from ssl import create_default_context
+        context = create_default_context()
+        context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
+        self.server = pywsgi.WSGIServer(('127.0.0.1', 0), application, ssl_context=context)
+
 class TestHttps(HttpsTestCase):

    if hasattr(socket, 'ssl'):
@@ -752,6 +761,8 @@ class TestHttps(HttpsTestCase):
            result = self.urlopen()
            self.assertEquals(result.body, '')

+class TestHttpsWithContext(HttpsSslContextTestCase, TestHttps):
+    pass

 class TestInternational(TestCase):
    validator = None  # wsgiref.validate.IteratorWrapper([]) does not have __len__