syncevo-http-server: added SSL support
--server-certificate=CERT
    certificate file used by the server to identify itself (required for https)
--server-key=KEY
    key file used by the server to identify itself (optional; the certificate file is used as a fallback, which then must contain both key and certificate)

Example keys for localhost and a README for creating/using them are included in this commit.
parent
c57e77e62a
commit
b731f26b63
|
@ -0,0 +1,14 @@
|
|||
SSL keys for syncevo-http-server running on localhost.
|
||||
|
||||
See http://twistedmatrix.com/documents/10.1.0/core/howto/ssl.html and
|
||||
HOWTOs like http://www.madboa.com/geek/openssl/#cert-self
|
||||
|
||||
Debian + server on localhost:
|
||||
- openssl req -x509 -nodes -days 0 -newkey rsa:1024 -keyout localhost_pem.key -out localhost_pem.crt
|
||||
Common Name = "localhost"
|
||||
- cat localhost_pem* >localhost.pem
|
||||
- sudo cp localhost_pem.crt /usr/local/share/ca-certificates/
|
||||
- sudo update-ca-certificates
|
||||
- ensure that "localhost" resolves to 127.0.0.1 (Twisted does not support listening to IPv6
|
||||
and libsoup has no fallback to IPv4)
|
||||
- syncevo-http-server --server-certificate=localhost.pem https://localhost:9000/syncevolution
|
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICGzCCAYSgAwIBAgIJAPzkRiPXbaToMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
|
||||
BAMTCWxvY2FsaG9zdDAeFw0xMDEyMjgwOTMyNTRaFw0xMTAxMjcwOTMyNTRaMBQx
|
||||
EjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
|
||||
yEtljSEL7J8o2S/X3vLbD4x/lQH5bCDPuROkyYBKaW7b2Sc4OwTbWgrrwqFky+8a
|
||||
1skJ8iAkXeh4UnJDwybnmDiGEPVLIOdFp9d8M7YGTR+E1OSSH9pO2ATlMpim8yZa
|
||||
I6460UkPnykErD9PMuriZ6wOEGd8GRuD7DzG+2uVyZ8CAwEAAaN1MHMwHQYDVR0O
|
||||
BBYEFOMz6mgFQW2wEbNlLiexb7kXYWeSMEQGA1UdIwQ9MDuAFOMz6mgFQW2wEbNl
|
||||
Liexb7kXYWeSoRikFjAUMRIwEAYDVQQDEwlsb2NhbGhvc3SCCQD85EYj122k6DAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAL8AN54hQnT2BSjadPP/XxFZ
|
||||
HkVI0+laO5lfOqBQXTOYEJbuOXuGsRSmPY1F9vSBPsBWuViMy2jW94HpFRJ9uP3C
|
||||
l9p8iAfTTKwVTSwcHqx4pGauv+HHA8BvHG2Ml14VaXD1OkRevRvG38kgS2SArgpK
|
||||
ComOL7jLEdw6QKETyxOH
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXQIBAAKBgQDIS2WNIQvsnyjZL9fe8tsPjH+VAflsIM+5E6TJgEppbtvZJzg7
|
||||
BNtaCuvCoWTL7xrWyQnyICRd6HhSckPDJueYOIYQ9Usg50Wn13wztgZNH4TU5JIf
|
||||
2k7YBOUymKbzJlojrjrRSQ+fKQSsP08y6uJnrA4QZ3wZG4PsPMb7a5XJnwIDAQAB
|
||||
AoGASNOJQBBU+ptASf/oWMsqtXOba/2EyDkB7kRjNVTtOXqyezmUa3kvnIS+Bk2S
|
||||
jcgJlTER6bSgJHkDTs73Lnz11bDXH16fyhL7k5Z3KIIVNYWr8Ad+lcuIK4NNddxQ
|
||||
HoySFK+U6dTjNpWyXXZEmH/9zunSzq4oVM8/W5nUFihflbECQQD37plZ0gW57c6y
|
||||
6t1+87Nc5CNlfd7K7FoZ1b7O/ct3A+ho46Zzi2bMXL8gCyhcZ53fqYIzTOxPVqZL
|
||||
+Ir4s40pAkEAzs/z6LRN87Wm3TmLJPOvl30gM1f3KsJBogn+NKnSlJyYyI05BGj9
|
||||
5fnqr/cqUWPzAKlZf357UwCaxF12uoWxhwJBAOjPoCh70uy4pfPUH5Fqfe6oO6S+
|
||||
AUtDjYfc8oOkRj7H6KE1w8OUDz+vh7krQQckNVck8SIDBZOqphWImdbXo6ECQQCh
|
||||
TFtlgUrS6zhrjjfR6CVpN3Pn15G0zbE22ihjlpfgxIn80PhJUkHEHjlGaLWeqR+b
|
||||
wnlFELbKs8wBnwu8ygz9AkBIyiUisu/XixCpWbFdrLUwOFCdoskvhe/eZJEY2oCP
|
||||
9TLM4o9GokMJVm7Gta96cGs+MVV03UrApJeacrQX3JgR
|
||||
-----END RSA PRIVATE KEY-----
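Review bot: The RSA private key for the example certificate is committed in clear in this file, and again in the separate key file section further down, so it is public and must never be treated as a secret or be trusted by any client. The README in this commit copies a `localhost_pem.crt` into `/usr/local/share/ca-certificates/`; that is only safe for a certificate whose key was generated locally with the README's `openssl req` step. The README should say so explicitly, for example `Do not install the bundled example certificate as trusted; its private key is public.` The README command also uses `rsa:1024`, which is weak by current standards; `rsa:2048` or larger would be the safer example. The bundled certificate appears to be valid for only about 30 days, so the example files will likely stop working shortly after the commit date.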
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICGzCCAYSgAwIBAgIJAPzkRiPXbaToMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
|
||||
BAMTCWxvY2FsaG9zdDAeFw0xMDEyMjgwOTMyNTRaFw0xMTAxMjcwOTMyNTRaMBQx
|
||||
EjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
|
||||
yEtljSEL7J8o2S/X3vLbD4x/lQH5bCDPuROkyYBKaW7b2Sc4OwTbWgrrwqFky+8a
|
||||
1skJ8iAkXeh4UnJDwybnmDiGEPVLIOdFp9d8M7YGTR+E1OSSH9pO2ATlMpim8yZa
|
||||
I6460UkPnykErD9PMuriZ6wOEGd8GRuD7DzG+2uVyZ8CAwEAAaN1MHMwHQYDVR0O
|
||||
BBYEFOMz6mgFQW2wEbNlLiexb7kXYWeSMEQGA1UdIwQ9MDuAFOMz6mgFQW2wEbNl
|
||||
Liexb7kXYWeSoRikFjAUMRIwEAYDVQQDEwlsb2NhbGhvc3SCCQD85EYj122k6DAM
|
||||
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAL8AN54hQnT2BSjadPP/XxFZ
|
||||
HkVI0+laO5lfOqBQXTOYEJbuOXuGsRSmPY1F9vSBPsBWuViMy2jW94HpFRJ9uP3C
|
||||
l9p8iAfTTKwVTSwcHqx4pGauv+HHA8BvHG2Ml14VaXD1OkRevRvG38kgS2SArgpK
|
||||
ComOL7jLEdw6QKETyxOH
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXQIBAAKBgQDIS2WNIQvsnyjZL9fe8tsPjH+VAflsIM+5E6TJgEppbtvZJzg7
|
||||
BNtaCuvCoWTL7xrWyQnyICRd6HhSckPDJueYOIYQ9Usg50Wn13wztgZNH4TU5JIf
|
||||
2k7YBOUymKbzJlojrjrRSQ+fKQSsP08y6uJnrA4QZ3wZG4PsPMb7a5XJnwIDAQAB
|
||||
AoGASNOJQBBU+ptASf/oWMsqtXOba/2EyDkB7kRjNVTtOXqyezmUa3kvnIS+Bk2S
|
||||
jcgJlTER6bSgJHkDTs73Lnz11bDXH16fyhL7k5Z3KIIVNYWr8Ad+lcuIK4NNddxQ
|
||||
HoySFK+U6dTjNpWyXXZEmH/9zunSzq4oVM8/W5nUFihflbECQQD37plZ0gW57c6y
|
||||
6t1+87Nc5CNlfd7K7FoZ1b7O/ct3A+ho46Zzi2bMXL8gCyhcZ53fqYIzTOxPVqZL
|
||||
+Ir4s40pAkEAzs/z6LRN87Wm3TmLJPOvl30gM1f3KsJBogn+NKnSlJyYyI05BGj9
|
||||
5fnqr/cqUWPzAKlZf357UwCaxF12uoWxhwJBAOjPoCh70uy4pfPUH5Fqfe6oO6S+
|
||||
AUtDjYfc8oOkRj7H6KE1w8OUDz+vh7krQQckNVck8SIDBZOqphWImdbXo6ECQQCh
|
||||
TFtlgUrS6zhrjjfR6CVpN3Pn15G0zbE22ihjlpfgxIn80PhJUkHEHjlGaLWeqR+b
|
||||
wnlFELbKs8wBnwu8ygz9AkBIyiUisu/XixCpWbFdrLUwOFCdoskvhe/eZJEY2oCP
|
||||
9TLM4o9GokMJVm7Gta96cGs+MVV03UrApJeacrQX3JgR
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -20,7 +20,7 @@ import logging.config
|
|||
import twisted.web
|
||||
import twisted.python.log
|
||||
from twisted.web import server, resource, http
|
||||
from twisted.internet import reactor
|
||||
from twisted.internet import ssl, reactor
|
||||
|
||||
bus = dbus.SessionBus()
|
||||
loop = gobject.MainLoop()
|
||||
|
@ -288,6 +288,13 @@ def main():
|
|||
parser.add_option("", "--log-config",
|
||||
action="store", type="string", dest="logConfig", default=None,
|
||||
help="configure logging via Python logging config file; --debug and --quiet override the log level in the root logger")
|
||||
parser.add_option("", "--server-certificate",
|
||||
action="store", type="string", dest="cert", default=None,
|
||||
help="certificate file used by the server to identify itself (required for https)")
|
||||
parser.add_option("", "--server-key",
|
||||
action="store", type="string", dest="key", default=None,
|
||||
help="key file used by the server to identify itself (optional, certificate file is used as fallback, which then must contain key and certificate)")
|
||||
|
||||
(options, args) = parser.parse_args()
|
||||
|
||||
# determine level chosen via command line
|
||||
|
@ -334,7 +341,14 @@ def main():
|
|||
root = resource.Resource()
|
||||
root.putChild(url.path[1:], SyncMLPost(url))
|
||||
site = server.Site(root)
|
||||
reactor.listenTCP(url.port, site)
|
||||
if url.scheme == "https":
|
||||
if not options.cert:
|
||||
logger.error("need server certificate for https")
|
||||
exit(1)
|
||||
reactor.listenSSL(url.port, site,
|
||||
ssl.DefaultOpenSSLContextFactory(options.key or options.cert, options.cert))
|
||||
else:
|
||||
reactor.listenTCP(url.port, site)
|
||||
reactor.run()
|
||||
|
||||
if __name__ == '__main__':
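Review bot: When the URL scheme is not `https`, the new `else` branch opens a plaintext listener even if `--server-certificate` or `--server-key` was given, so a mistyped URL silently serves SyncML without TLS. A check in that branch would catch it, e.g. `if options.cert or options.key: logger.warning("certificate/key given but URL is not https, serving without TLS")`. `exit(1)` relies on the `site` builtin; `sys.exit(1)` is the dependable form, assuming `sys` is imported in the part of the file not shown. `DefaultOpenSSLContextFactory` is constructed with its default method, so the accepted protocol versions depend on the installed Twisted/pyOpenSSL, and it is worth confirming that legacy SSL versions are disabled. `main()` starts and continues outside this hunk.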
|
||||
|
|