Load context supports SSL.
(
certfile: str,
keyfile: str,
protocol: int,
cafile: Optional[str] = None,
capath: Optional[str] = None,
client_auth_required: bool = False,
)
| 190 | |
| 191 | |
| 192 | def _get_ssl_ctx( |
| 193 | certfile: str, |
| 194 | keyfile: str, |
| 195 | protocol: int, |
| 196 | cafile: Optional[str] = None, |
| 197 | capath: Optional[str] = None, |
| 198 | client_auth_required: bool = False, |
| 199 | ) -> ssl.SSLContext: |
| 200 | """Load context supports SSL.""" |
| 201 | ssl_cxt = ssl.SSLContext(protocol=protocol) |
| 202 | |
| 203 | if cafile is not None or capath is not None: |
| 204 | try: |
| 205 | ssl_cxt.load_verify_locations(cafile, capath) |
| 206 | except IOError as exc: |
| 207 | exc_type = type(exc) |
| 208 | msg = str(exc) |
| 209 | raise exc_type(f"Cannot load CA certificate chain from file " |
| 210 | f"{cafile!r} or directory {capath!r}: {msg}") |
| 211 | else: |
| 212 | try: |
| 213 | ssl_cxt.load_default_certs(purpose=ssl.Purpose.CLIENT_AUTH) |
| 214 | except IOError as exc: |
| 215 | exc_type = type(exc) |
| 216 | msg = str(exc) |
| 217 | raise exc_type(f"Cannot load default CA certificate chain: {msg}") |
| 218 | |
| 219 | if client_auth_required: |
| 220 | ssl_cxt.verify_mode = ssl.CERT_REQUIRED |
| 221 | |
| 222 | try: |
| 223 | ssl_cxt.load_cert_chain(certfile=certfile, keyfile=keyfile) |
| 224 | except IOError as exc: |
| 225 | exc_type = type(exc) |
| 226 | msg = str(exc) |
| 227 | raise exc_type(f"Cannot load server certificate file {certfile!r} or " |
| 228 | f"its private key file {keyfile!r}: {msg}") |
| 229 | |
| 230 | return ssl_cxt |
| 231 | |
| 232 | |
| 233 | def start_wsgi_server( |