init ssl context from gunicorn config

aio-libs · Jul 25, 2016 · 037a385 · 037a385
1 parent 072991f
commit 037a385
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/aiohttp/worker.py b/aiohttp/worker.py
@@ -4,6 +4,7 @@
 import logging
 import os
 import signal
+import ssl
 import sys
 import gunicorn.workers.base as base
 
@@ -16,6 +17,10 @@ class GunicornWebWorker(base.Worker):
 
     def __init__(self, *args, **kw):  # pragma: no cover
         super().__init__(*args, **kw)
+        if self.cfg.is_ssl:
+            self.ssl_context = self._create_ssl_context(self.cfg)
+        else:
+            self.ssl_context = None
 
         self.servers = {}
         self.exit_code = 0
@@ -82,7 +87,8 @@ def close(self):
     def _run(self):
         for sock in self.sockets:
             handler = self.make_handler(self.wsgi)
-            srv = yield from self.loop.create_server(handler, sock=sock.sock)
+            srv = yield from self.loop.create_server(handler, sock=sock.sock,
+                                                     ssl=self.ssl_context)
             self.servers[srv] = handler
 
         # If our parent changed then we shut down.
@@ -142,6 +148,21 @@ def handle_abort(self, sig, frame):
         self.alive = False
         self.exit_code = 1
 
+    @staticmethod
+    def _create_ssl_context(cfg):
+        """ Creates SSLContext instance for usage in asyncio.create_server.
+
+        See ssl.SSLSocket.__init__ for more details.
+        """
+        ctx = ssl.SSLContext(cfg.ssl_version)
+        ctx.load_cert_chain(cfg.certfile, cfg.keyfile)
+        ctx.verify_mode = cfg.cert_reqs
+        if cfg.ca_certs:
+            ctx.load_verify_locations(cfg.ca_certs)
+        if cfg.ciphers:
+            ctx.set_ciphers(cfg.ciphers)
+        return ctx
+
 
 class GunicornUVLoopWebWorker(GunicornWebWorker):