
On Oct 7, 2014, at 3:21 PM, Carl D'Halluin <carl@amplidata.com> wrote:
Another problem is that Twisted doesn't yet support SSL on adopted sockets.
I did this by hand:

import os
import socket

from twisted.internet import reactor, tcp
from twisted.internet.ssl import DefaultOpenSSLContextFactory
from twisted.protocols import tls
from twisted.web import server

# Suppose you create/bind/listen your listen_socket, and
# its file descriptor is listen_socket_fd
site = server.Site(MyHttpsSite())
cert = '/path/to/my/cert'
key = '/path/to/my/key'
ctx = DefaultOpenSSLContextFactory(key, cert)
tlsFactory = tls.TLSMemoryBIOFactory(ctx, False, site)
p = tcp.Port._fromListeningDescriptor(reactor, listen_socket_fd, socket.AF_INET, tlsFactory)
p._type = 'TLS'
p.startListening()
os.close(listen_socket_fd)
reactor.run()

There is work underway for addressing this particular use-case (endpoint composition) via string endpoints: <https://twistedmatrix.com/trac/ticket/5642>

But even today you don't have to touch unsupported private APIs to do this. As per <https://twistedmatrix.com/trac/wiki/CompatibilityPolicy> we really like to discourage people from touching private (i.e. underscore-prefixed or imported-from-another-module) API, because it may well break in the next release and you'll have no recourse.

(Plus, you should really be using CertificateOptions, not DefaultOpenSSLContextFactory, either via PrivateCertificate(...).options() or directly constructed.)

from twisted.web import server
from twisted.protocols import tls
from twisted.python.filepath import FilePath

site = server.Site(MyHttpsSite())
cert = FilePath('/path/to/my/cert').getContent()
key = FilePath('/path/to/my/key').getContent()

from twisted.internet.ssl import PrivateCertificate
# loadPEM accepts the certificate and private key concatenated as one PEM blob
certificateWithKey = PrivateCertificate.loadPEM(b"\n".join([cert, key]))
tlsFactory = tls.TLSMemoryBIOFactory(certificateWithKey.options(), False, site)

import socket
from twisted.internet import reactor
reactor.adoptStreamPort(listen_socket_fd, socket.AF_INET, tlsFactory)

import os
os.close(listen_socket_fd)
reactor.run()

This code hasn't been tested, but no underscores should be necessary!

-glyph