cherrypy.wsgiserver.ssl_pyopenssl – pyOpenSSL

A library for integrating pyOpenSSL with CherryPy.

The OpenSSL module must be importable for SSL functionality. You can obtain it from here.

To use this module, set CherryPyWSGIServer.ssl_adapter to an instance of SSLAdapter. There are two ways to use SSL:

Method One

  • ssl_adapter.context: an instance of SSL.Context.

If this is not None, it is assumed to be an SSL.Context instance, and will be passed to SSL.Connection on bind(). The developer is responsible for forming a valid Context object. This approach is to be preferred for more flexibility, e.g. if the cert and key are streams instead of files, or need decryption, or SSL.SSLv3_METHOD is desired instead of the default SSL.SSLv23_METHOD, etc. Consult the pyOpenSSL documentation for complete options.

Method Two (shortcut)

  • ssl_adapter.certificate: the filename of the server SSL certificate.
  • ssl_adapter.private_key: the filename of the server’s private key file.

Both are None by default. If ssl_adapter.context is None, but .private_key and .certificate are both given and valid, they will be read, and the context will be automatically created from them.


class cherrypy.wsgiserver.ssl_pyopenssl.SSL_fileobject(*args, **kwargs)

SSL file object attached to a socket object.

class cherrypy.wsgiserver.ssl_pyopenssl.SSLConnection(*args)

A thread-safe wrapper for an SSL.Connection.

*args: the arguments to create the wrapped SSL.Connection(*args).

class cherrypy.wsgiserver.ssl_pyopenssl.pyOpenSSLAdapter(certificate, private_key, certificate_chain=None)

A wrapper for integrating pyOpenSSL with CherryPy.


Wrap and return the given socket.

certificate = None

The filename of the server SSL certificate.

certificate_chain = None

Optional. The filename of CA’s intermediate certificate bundle.

This is needed for cheaper “chained root” SSL certificates, and should be left as None if not required.

context = None

An instance of SSL.Context.


Return an SSL.Context from self attributes.


Return WSGI environ entries to be merged into each request.

private_key = None

The filename of the server’s private key file.


Wrap and return the given socket, plus WSGI environ entries.