
Commit e10cde4

Add support for SSL certificate chains.
1 parent 1fb879c commit e10cde4


1 file changed

+20
-0
lines changed


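--- a/src/server/__init__.py
+++ b/src/server/__init__.py
@@ -570,6 +570,9 @@ def find_mimetypes():
 SSLCACertificateFile %(ssl_ca_certificate_file)s
 SSLVerifyClient none
 </IfDefine>
+<IfDefine MOD_WSGI_CERTIFICATE_CHAIN>
+SSLCertificateChainFile %(ssl_certificate_chain_file)s
+</IfDefine>
 </VirtualHost>
 <VirtualHost *:%(https_port)s>
 ServerName %(server_name)s
@@ -583,6 +586,9 @@ def find_mimetypes():
 SSLCACertificateFile %(ssl_ca_certificate_file)s
 SSLVerifyClient none
 </IfDefine>
+<IfDefine MOD_WSGI_CERTIFICATE_CHAIN>
+SSLCertificateChainFile %(ssl_certificate_chain_file)s
+</IfDefine>
 <IfDefine MOD_WSGI_HTTPS_ONLY>
 <IfDefine MOD_WSGI_HSTS_POLICY>
 Header set Strict-Transport-Security %(hsts_policy)s
@@ -603,6 +609,9 @@ def find_mimetypes():
 SSLCACertificateFile %(ssl_ca_certificate_file)s
 SSLVerifyClient none
 </IfDefine>
+<IfDefine MOD_WSGI_CERTIFICATE_CHAIN>
+SSLCertificateChainFile %(ssl_certificate_chain_file)s
+</IfDefine>
 </VirtualHost>
 </IfDefine>
 </IfDefine>
@@ -1819,6 +1828,11 @@ def check_percentage(option, opt_str, value, parser):
 'whole site will be disabled and verification will only be '
 'required for the specified sub URL.'),
 
+optparse.make_option('--ssl-certificate-chain-file', default=None,
+metavar='FILE-PATH', help='Specify the path to a file '
+'containing the certificates of Certification Authorities (CA) '
+'which form the certificate chain of the server certificate.'),
+
 optparse.make_option('--ssl-environment', action='store_true',
 default=False, help='Flag indicating whether the standard set '
 'of SSL related variables are passed in the per request '
@@ -2477,6 +2491,10 @@ def _cmd_setup_server(command, args, options):
 options['ssl_ca_certificate_file'] = os.path.abspath(
 options['ssl_ca_certificate_file'])
 
+if options['ssl_certificate_chain_file']:
+options['ssl_certificate_chain_file'] = os.path.abspath(
+options['ssl_certificate_chain_file'])
+
 if options['entry_point']:
 args = [options['entry_point']]
 
@@ -2939,6 +2957,8 @@ def _cmd_setup_server(command, args, options):
 options['httpd_arguments_list'].append('-DMOD_WSGI_WITH_HTTPS')
 if options['ssl_ca_certificate_file']:
 options['httpd_arguments_list'].append('-DMOD_WSGI_VERIFY_CLIENT')
+if options['ssl_certificate_chain_file']:
+options['httpd_arguments_list'].append('-DMOD_WSGI_CERTIFICATE_CHAIN')
 
 if options['ssl_environment']:
 options['httpd_arguments_list'].append('-DMOD_WSGI_SSL_ENVIRONMENT')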
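Review bot: The three added `SSLCertificateChainFile %(ssl_certificate_chain_file)s` template lines (new lines 574, 590 and 613) interpolate the path unquoted, so a chain file path containing whitespace is split into several arguments and httpd will refuse the generated configuration; `SSLCertificateChainFile "%(ssl_certificate_chain_file)s"` avoids that, and the neighbouring `SSLCACertificateFile` line has the same form. In `_cmd_setup_server` the path is only made absolute, never checked for existence or readability, so a mistyped `--ssl-certificate-chain-file` surfaces only at httpd startup rather than as an option error. Apache httpd 2.4.8 and later mark `SSLCertificateChainFile` as obsolete in favour of carrying the intermediates in the `SSLCertificateFile` file, which the option's help text could say. The template and both functions begin and end outside the hunks shown, and indentation is lost on this page, so whether the new `-DMOD_WSGI_CERTIFICATE_CHAIN` define is nested under the HTTPS branch could not be confirmed.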
