On Oct 7, 2014, at 3:21 PM, Carl D'Halluin <carl@amplidata.com> wrote:

Another problem is that Twisted doesn't yet support SSL on adopted sockets.

I did this by hand:

# Suppose your create/bind/list your listen_socket, and
# its file descriptor is listen_socket_fd

site = server.Site(MyHttpsSite())

cert = '/path/to/my/cert'
key = '/path/to/my/key'

ctx = DefaultOpenSSLContextFactory(key, cert)
tlsFactory = tls.TLSMemoryBIOFactory(ctx, False, site)
p = tcp.Port._fromListeningDescriptor(reactor,
                                            listen_socket_fd,
                                            socket.AF_INET,
                                            tlsFactory)
p._type = 'TLS'
p.startListening()

os.close(listen_socket_fd)
reactor.run()

There is work underway for addressing this particular use-case (endpoint composition) via string endpoints:

But even today you don't have to touch unsupported private APIs to do this.

As per <https://twistedmatrix.com/trac/wiki/CompatibilityPolicy> we really like to discourage people from touching private (i.e. underscore-prefixed or imported-from-another-module) API, because it may well break in the next release and you'll have no recourse.

(Plus, you should really be using CertificateOptions, not DefaultOpenSSLContextFactory, either via PrivateCertificate(...).options() or directly constructed.)

from twisted.python.filepath import FilePath

site = server.Site(MyHttpsSite())

cert = FilePath('/path/to/my/cert').getContent()

key = FilePath('/path/to/my/key').getContent()

from twisted.internet.ssl import PrivateCertificate

certificateWithKey = PrivateCertificate.loadPEM(b"\n".join([cert, key]))

tlsFactory = tls.TLSMemoryBIOFactory(certificateWithKey.options(), False, site)

from twisted.internet import reactor

reactor.adoptStreamPort(listen_socket_fd, socket.AF_INET, tlsFactory)

os.close(listen_socket_fd)

This code hasn't been tested, but no underscores should be necessary!