@property
def ssl_context(self):
+ """
+ Returns a SSL context with our client certificate
+ """
# Create SSL context
context = ssl.create_default_context()
# Fetch client certificate
- certificate = self.settings.get("client-certificate", None)
- key = self.settings.get("client-key", None)
-
- # Apply client certificate
- if certificate and key:
- with tempfile.NamedTemporaryFile(mode="w") as f_cert:
- f_cert.write(certificate)
- f_cert.flush()
+ certificate = self.config.get("ssl", "certificate")
+ key = self.config.get("ssl", "key")
- with tempfile.NamedTemporaryFile(mode="w") as f_key:
- f_key.write(key)
- f_key.flush()
+ # Raise an error if we don't have certificates
+ if not certificate or not key:
+ raise RuntimeError("Missing SSL configuration")
- context.load_cert_chain(f_cert.name, f_key.name)
+ # Load the certificate chain
+ context.load_cert_chain(certificate, key)
return context
- async def load_certificate(self, certfile, keyfile):
- with self.db.transaction():
- # Load certificate
- with open(certfile) as f:
- self.settings.set("client-certificate", f.read())
-
- # Load key file
- with open(keyfile) as f:
- self.settings.set("client-key", f.read())
-
- log.info("Updated certificates")
-
async def cleanup(self):
"""
Called regularly to cleanup any left-over resources
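Review bot: `context.load_cert_chain(certificate, key)` now takes both values straight from the `ssl` configuration section as filesystem paths, and the guard `if not certificate or not key:` catches empty values but not a missing, unreadable or mismatched file. Those cases surface as a bare `OSError` (`ssl.SSLError` is a subclass) on every access of the property. Wrapping the call in `try:` with `except OSError as e:` and `raise RuntimeError("Could not load SSL certificate %s" % certificate) from e` would match the error type the guard already raises, naming only the path and never file contents. Since the private key is now a file on disk rather than a value in the settings store, the docstring should say that `key` is a path expected to be readable only by the service account, and that `RuntimeError` is raised on incomplete configuration. If `self.config` is a `configparser` object (not visible in this hunk), `get()` raises on a missing option before the guard runs, so `fallback=None` would be needed for the guard to take effect.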