cherrypy.wsgiserver.ssl_pyopenssl – pyOpenSSL¶
A library for integrating pyOpenSSL with CherryPy.
The OpenSSL module must be importable for SSL functionality. You can obtain it from here.
To use this module, set CherryPyWSGIServer.ssl_adapter to an instance of SSLAdapter. There are two ways to use SSL:
- ssl_adapter.context: an instance of SSL.Context.
If this is not None, it is assumed to be an SSL.Context instance, and will be passed to SSL.Connection on bind(). The developer is responsible for forming a valid Context object. This approach is to be preferred for more flexibility, e.g. if the cert and key are streams instead of files, or need decryption, or SSL.SSLv3_METHOD is desired instead of the default SSL.SSLv23_METHOD, etc. Consult the pyOpenSSL documentation for complete options.
Method Two (shortcut)¶
- ssl_adapter.certificate: the filename of the server SSL certificate.
- ssl_adapter.private_key: the filename of the server’s private key file.
Both are None by default. If ssl_adapter.context is None, but .private_key and .certificate are both given and valid, they will be read, and the context will be automatically created from them.
- class cherrypy.wsgiserver.ssl_pyopenssl.SSL_fileobject(*args, **kwargs)¶
SSL file object attached to a socket object.
- class cherrypy.wsgiserver.ssl_pyopenssl.SSLConnection(*args)¶
A thread-safe wrapper for an SSL.Connection.
*args: the arguments to create the wrapped SSL.Connection(*args).
- class cherrypy.wsgiserver.ssl_pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None)¶
A wrapper for integrating pyOpenSSL with CherryPy.
Wrap and return the given socket.
- certificate = None¶
The filename of the server SSL certificate.
- certificate_chain = None¶
Optional. The filename of CA’s intermediate certificate bundle.
This is needed for cheaper “chained root” SSL certificates, and should be left as None if not required.
- context = None¶
An instance of SSL.Context.
Return an SSL.Context from self attributes.
Return WSGI environ entries to be merged into each request.
- private_key = None¶
The filename of the server’s private key file.
Wrap and return the given socket, plus WSGI environ entries.