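def testContextAndSock(self):
    """Check that contexts built by ``SU.getSSLcontext`` enforce peer verification.

    With ``config.SSL`` and ``config.SSL_REQUIRECLIENTCERT`` switched on, the
    server-side and the client-side context must both report
    ``ssl.CERT_REQUIRED``, the client context must have hostname checking
    enabled, and a socket created from the server context must expose
    ``getpeercert``.

    The test fails outright when no certificate directory can be found.
    """
    # The certificate directory is resolved relative to the current working
    # directory; the first candidate that exists is used.
    for cert_dir in ("../../certs", "../certs", "./certs"):
        if os.path.isdir(cert_dir):
            break
    else:
        self.fail("cannot locate test certs directory")

    # Both settings live on the shared config object. Remember them so that
    # this test does not leave client-certificate enforcement (or SSL itself)
    # switched on for whatever runs afterwards.
    saved_ssl = config.SSL
    saved_require_clientcert = config.SSL_REQUIRECLIENTCERT
    try:
        config.SSL = True
        config.SSL_REQUIRECLIENTCERT = True
        server_ctx = SU.getSSLcontext(cert_dir + "/server_cert.pem",
                                      cert_dir + "/server_key.pem")
        client_ctx = SU.getSSLcontext(clientcert=cert_dir + "/client_cert.pem",
                                      clientkey=cert_dir + "/client_key.pem")
        # Neither side may accept an unauthenticated peer.
        self.assertEqual(ssl.CERT_REQUIRED, server_ctx.verify_mode)
        self.assertEqual(ssl.CERT_REQUIRED, client_ctx.verify_mode)
        # Without hostname checking a client would accept any certificate
        # that merely chains to a trusted CA.
        self.assertTrue(client_ctx.check_hostname)
        sock = SU.createSocket(sslContext=server_ctx)
        try:
            # getpeercert exists on ssl.SSLSocket but not on a plain socket,
            # so its presence shows the context was actually applied.
            self.assertTrue(hasattr(sock, "getpeercert"))
        finally:
            sock.close()
    finally:
        config.SSL = saved_ssl
        config.SSL_REQUIRECLIENTCERT = saved_require_clientcert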
def init(self, daemon, host, port, unixsocket=None):
    """Create the listening socket and register it with the selector.

    Args:
        daemon: object stored on ``self.daemon``.
        host: host part of the bind address; ignored for binding when
            ``unixsocket`` is given.
        port: port part of the bind address; a falsy value is replaced by
            the port reported by the bound socket when building
            ``self.locationStr``.
        unixsocket: optional unix socket path; when truthy it is used as the
            bind location instead of ``(host, port)``.
    """
    log.info("starting multiplexed socketserver")
    selector_type = self.selector.__class__
    log.debug("selector implementation: %s.%s",
              selector_type.__module__, selector_type.__name__)
    self.sock = None
    bind_target = unixsocket or (host, port)

    # Transport security is decided purely by config.SSL. When it is falsy
    # the socket below is created with sslContext=None.
    tls_context = None
    if config.SSL:
        tls_context = socketutil.getSSLcontext(
            servercert=config.SSL_SERVERCERT,
            serverkey=config.SSL_SERVERKEY,
            keypassword=config.SSL_SERVERKEYPASSWD,
            cacerts=config.SSL_CACERTS)
        # Only the certificate, key and CA locations are logged; the key
        # password is deliberately not part of the message.
        log.info("using SSL, cert=%s key=%s cacerts=%s",
                 config.SSL_SERVERCERT, config.SSL_SERVERKEY, config.SSL_CACERTS)
    else:
        log.info("not using SSL")

    self.sock = socketutil.createSocket(
        bind=bind_target,
        reuseaddr=config.SOCK_REUSE,
        timeout=config.COMMTIMEOUT,
        noinherit=True,
        nodelay=config.SOCK_NODELAY,
        sslContext=tls_context)
    self.daemon = daemon
    bound_addr = self.sock.getsockname()
    self._socketaddr = bound_addr

    # Warn when a host that is not an obvious loopback name ended up bound to
    # a 127.x address: the server is then reachable from this machine only.
    if not unixsocket and bound_addr[0].startswith("127."):
        names_loopback = host is not None and (
            host.lower() == "localhost" or host.startswith("127."))
        if not names_loopback:
            log.warning("weird DNS setup: %s resolves to localhost (127.x.x.x)", host)

    if unixsocket:
        self.locationStr = "./u:" + unixsocket
    else:
        host = host or bound_addr[0]
        port = port or bound_addr[1]
        # A colon in the host means an IPv6 literal, which needs brackets.
        location_format = "[%s]:%d" if ":" in host else "%s:%d"
        self.locationStr = location_format % (host, port)

    self.selector.register(self.sock, selectors.EVENT_READ, self)
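def testContextAndSock(self):
    """Check that contexts built by ``SU.getSSLcontext`` enforce peer verification.

    With ``config.SSL`` and ``config.SSL_REQUIRECLIENTCERT`` switched on, the
    server-side and the client-side context must both report
    ``ssl.CERT_REQUIRED``, the client context must have hostname checking
    enabled, and a socket created from the server context must expose
    ``getpeercert``.

    The test fails outright when no certificate directory can be found.
    """
    # The certificate directory is resolved relative to the current working
    # directory; the first candidate that exists is used.
    for cert_dir in ("../../certs", "../certs"):
        if os.path.isdir(cert_dir):
            break
    else:
        self.fail("cannot locate test certs directory")

    # Both settings live on the shared config object. Remember them so that
    # this test does not leave client-certificate enforcement (or SSL itself)
    # switched on for whatever runs afterwards.
    saved_ssl = config.SSL
    saved_require_clientcert = config.SSL_REQUIRECLIENTCERT
    try:
        config.SSL = True
        config.SSL_REQUIRECLIENTCERT = True
        server_ctx = SU.getSSLcontext(cert_dir+"/server_cert.pem",
                                      cert_dir+"/server_key.pem")
        client_ctx = SU.getSSLcontext(clientcert=cert_dir+"/client_cert.pem",
                                      clientkey=cert_dir+"/client_key.pem")
        # Neither side may accept an unauthenticated peer.
        self.assertEqual(ssl.CERT_REQUIRED, server_ctx.verify_mode)
        self.assertEqual(ssl.CERT_REQUIRED, client_ctx.verify_mode)
        # Without hostname checking a client would accept any certificate
        # that merely chains to a trusted CA.
        self.assertTrue(client_ctx.check_hostname)
        sock = SU.createSocket(sslContext=server_ctx)
        try:
            # getpeercert exists on ssl.SSLSocket but not on a plain socket,
            # so its presence shows the context was actually applied.
            self.assertTrue(hasattr(sock, "getpeercert"))
        finally:
            sock.close()
    finally:
        config.SSL = saved_ssl
        config.SSL_REQUIRECLIENTCERT = saved_require_clientcert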
def init(self, daemon, host, port, unixsocket=None):
    """Create the listening socket, the worker pool and the housekeeper.

    Args:
        daemon: object stored on ``self.daemon`` and handed to ``Housekeeper``.
        host: host part of the bind address; ignored for binding when
            ``unixsocket`` is given.
        port: port part of the bind address; a falsy value is replaced by
            the port reported by the bound socket when building
            ``self.locationStr``.
        unixsocket: optional unix socket path; when truthy it is used as the
            bind location instead of ``(host, port)``.
    """
    log.info("starting thread pool socketserver")
    self.daemon = daemon
    self.sock = None
    bind_target = unixsocket or (host, port)

    # config.SSL alone decides whether the listener gets an SSL context;
    # with it off, createSocket receives sslContext=None.
    if not config.SSL:
        tls_context = None
        log.info("not using SSL")
    else:
        tls_context = socketutil.getSSLcontext(
            servercert=config.SSL_SERVERCERT,
            serverkey=config.SSL_SERVERKEY,
            keypassword=config.SSL_SERVERKEYPASSWD,
            cacerts=config.SSL_CACERTS)
        # The log line names the certificate, key and CA files only; the key
        # password is not logged.
        log.info("using SSL, cert=%s key=%s cacerts=%s",
                 config.SSL_SERVERCERT, config.SSL_SERVERKEY, config.SSL_CACERTS)

    socket_options = dict(
        bind=bind_target,
        reuseaddr=config.SOCK_REUSE,
        timeout=config.COMMTIMEOUT,
        noinherit=True,
        nodelay=config.SOCK_NODELAY,
        sslContext=tls_context,
    )
    self.sock = socketutil.createSocket(**socket_options)
    bound_addr = self.sock.getsockname()
    self._socketaddr = bound_addr

    # A host that does not look like loopback but was bound to 127.x means the
    # server will not be reachable from other machines; tell the operator.
    if not unixsocket and bound_addr[0].startswith("127."):
        names_loopback = host is not None and (
            host.lower() == "localhost" or host.startswith("127."))
        if not names_loopback:
            log.warning("weird DNS setup: %s resolves to localhost (127.x.x.x)", host)

    if unixsocket:
        self.locationStr = "./u:" + unixsocket
    else:
        host = host or bound_addr[0]
        port = port or bound_addr[1]
        # IPv6 literals contain colons and must be bracketed.
        location_format = "[%s]:%d" if ":" in host else "%s:%d"
        self.locationStr = location_format % (host, port)

    self.pool = Pool()
    housekeeper = Housekeeper(daemon)
    self.housekeeper = housekeeper
    housekeeper.start()
def init(self, daemon, host, port, unixsocket=None):
    """Create the listening socket, worker pool and housekeeper.

    When ``self._selector`` is truthy, the listening socket is also
    registered with it for read events.

    Args:
        daemon: object stored on ``self.daemon`` and handed to ``Housekeeper``.
        host: host part of the bind address; ignored for binding when
            ``unixsocket`` is given.
        port: port part of the bind address; a falsy value is replaced by
            the port reported by the bound socket when building
            ``self.locationStr``.
        unixsocket: optional unix socket path; when truthy it is used as the
            bind location instead of ``(host, port)``.
    """
    log.info("starting thread pool socketserver")
    self.daemon = daemon
    self.sock = None
    bind_target = unixsocket or (host, port)

    # Whether the listener is wrapped in SSL depends only on config.SSL;
    # otherwise the socket is created with sslContext=None.
    tls_context = None
    if config.SSL:
        tls_context = socketutil.getSSLcontext(
            servercert=config.SSL_SERVERCERT,
            serverkey=config.SSL_SERVERKEY,
            keypassword=config.SSL_SERVERKEYPASSWD,
            cacerts=config.SSL_CACERTS)
        # File locations are logged, the key password is not.
        log.info("using SSL, cert=%s key=%s cacerts=%s",
                 config.SSL_SERVERCERT, config.SSL_SERVERKEY, config.SSL_CACERTS)
    else:
        log.info("not using SSL")

    self.sock = socketutil.createSocket(
        bind=bind_target,
        reuseaddr=config.SOCK_REUSE,
        timeout=config.COMMTIMEOUT,
        noinherit=True,
        nodelay=config.SOCK_NODELAY,
        sslContext=tls_context)
    bound_addr = self.sock.getsockname()
    self._socketaddr = bound_addr

    # Flag the case where a non-loopback-looking host was bound to 127.x,
    # since the server is then only reachable locally.
    bound_to_loopback = not unixsocket and bound_addr[0].startswith("127.")
    if bound_to_loopback:
        if host is None:
            unexpected = True
        else:
            unexpected = host.lower() != "localhost" and not host.startswith("127.")
        if unexpected:
            log.warning("weird DNS setup: %s resolves to localhost (127.x.x.x)", host)

    if unixsocket:
        self.locationStr = "./u:" + unixsocket
    else:
        host = host or bound_addr[0]
        port = port or bound_addr[1]
        # IPv6 literals contain colons and must be bracketed.
        location_format = "[%s]:%d" if ":" in host else "%s:%d"
        self.locationStr = location_format % (host, port)

    self.pool = Pool()
    self.housekeeper = Housekeeper(daemon)
    self.housekeeper.start()

    selector = self._selector
    if selector:
        selector.register(self.sock, selectors.EVENT_READ, self)