diff --git a/aiohttp/worker.py b/aiohttp/worker.py index e2c707d207e..64dacbebf8c 100644 --- a/aiohttp/worker.py +++ b/aiohttp/worker.py @@ -4,6 +4,7 @@ import logging import os import signal +import ssl import sys import gunicorn.workers.base as base @@ -16,6 +17,10 @@ class GunicornWebWorker(base.Worker): def __init__(self, *args, **kw): # pragma: no cover super().__init__(*args, **kw) + if self.cfg.is_ssl: + self.ssl_context = self._create_ssl_context(self.cfg) + else: + self.ssl_context = None self.servers = {} self.exit_code = 0 @@ -82,7 +87,8 @@ def close(self): def _run(self): for sock in self.sockets: handler = self.make_handler(self.wsgi) - srv = yield from self.loop.create_server(handler, sock=sock.sock) + srv = yield from self.loop.create_server(handler, sock=sock.sock, + ssl=self.ssl_context) self.servers[srv] = handler # If our parent changed then we shut down. @@ -142,6 +148,21 @@ def handle_abort(self, sig, frame): self.alive = False self.exit_code = 1 + @staticmethod + def _create_ssl_context(cfg): + """ Creates SSLContext instance for usage in asyncio.create_server. + + See ssl.SSLSocket.__init__ for more details. + """ + ctx = ssl.SSLContext(cfg.ssl_version) + ctx.load_cert_chain(cfg.certfile, cfg.keyfile) + ctx.verify_mode = cfg.cert_reqs + if cfg.ca_certs: + ctx.load_verify_locations(cfg.ca_certs) + if cfg.ciphers: + ctx.set_ciphers(cfg.ciphers) + return ctx + class GunicornUVLoopWebWorker(GunicornWebWorker):