Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gunicorn worker ssl #1003

Merged
merged 2 commits into from
Jul 25, 2016
Merged

Gunicorn worker ssl #1003

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
037a385
init ssl context from gunicorn config
tumb1er Jul 25, 2016
0f0b392
add test for ssl init
tumb1er Jul 25, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 21 additions & 1 deletion aiohttp/worker.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import logging
import os
import signal
import ssl
import sys
import gunicorn.workers.base as base

Expand Down Expand Up @@ -80,9 +81,13 @@ def close(self):

@asyncio.coroutine
def _run(self):

ctx = self._create_ssl_context(self.cfg) if self.cfg.is_ssl else None

for sock in self.sockets:
handler = self.make_handler(self.wsgi)
srv = yield from self.loop.create_server(handler, sock=sock.sock)
srv = yield from self.loop.create_server(handler, sock=sock.sock,
ssl=ctx)
self.servers[srv] = handler

# If our parent changed then we shut down.
Expand Down Expand Up @@ -142,6 +147,21 @@ def handle_abort(self, sig, frame):
self.alive = False
self.exit_code = 1

@staticmethod
def _create_ssl_context(cfg):
""" Creates SSLContext instance for usage in asyncio.create_server.

See ssl.SSLSocket.__init__ for more details.
"""
ctx = ssl.SSLContext(cfg.ssl_version)
ctx.load_cert_chain(cfg.certfile, cfg.keyfile)
ctx.verify_mode = cfg.cert_reqs
if cfg.ca_certs:
ctx.load_verify_locations(cfg.ca_certs)
if cfg.ciphers:
ctx.set_ciphers(cfg.ciphers)
return ctx


class GunicornUVLoopWebWorker(GunicornWebWorker):

Expand Down
17 changes: 13 additions & 4 deletions tests/test_worker.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,15 +116,23 @@ def test__run_ok(worker, loop):
ret.set_result(sock)
worker.wsgi.make_handler.return_value.num_connections = 1
worker.cfg.max_requests = 100
worker.cfg.is_ssl = True

with mock.patch('aiohttp.worker.asyncio') as m_asyncio:
m_asyncio.sleep = mock.Mock(
wraps=asyncio.coroutine(lambda *a, **kw: None))
loop.run_until_complete(worker._run())
ssl_context = mock.Mock()
with mock.patch('ssl.SSLContext', return_value=ssl_context):
with mock.patch('aiohttp.worker.asyncio') as m_asyncio:
m_asyncio.sleep = mock.Mock(
wraps=asyncio.coroutine(lambda *a, **kw: None))
loop.run_until_complete(worker._run())

assert worker.notify.called
assert worker.log.info.called

args, kwargs = loop.create_server.call_args
assert 'ssl' in kwargs
ctx = kwargs['ssl']
assert ctx is ssl_context


def test__run_exc(worker, loop):
with mock.patch('aiohttp.worker.os') as m_os:
Expand All @@ -138,6 +146,7 @@ def test__run_exc(worker, loop):
worker.log = mock.Mock()
worker.loop = mock.Mock()
worker.notify = mock.Mock()
worker.cfg.is_ssl = False

with mock.patch('aiohttp.worker.asyncio.sleep') as m_sleep:
slp = helpers.create_future(loop)
Expand Down