mirrors/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-04-03 05:07:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

add logging for ssl cert/key and cafile

Browse source
This commit is contained in:
Peter Bieringer 2024-11-13 22:20:13 +01:00
parent fb904320d2
commit 00dac0c030
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
radicale/server.py
View file

@ -185,6 +185,7 @@ class ParallelHTTPSServer(ParallelHTTPServer):
"(%s)" % (type_name, name, "server", source, filename, "(%s)" % (type_name, name, "server", source, filename,
e)) from e e)) from e
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
logger.info("SSL load files certificate='%s' key='%s'", certfile, keyfile)
context.load_cert_chain(certfile=certfile, keyfile=keyfile) context.load_cert_chain(certfile=certfile, keyfile=keyfile)
if protocol: if protocol:
logger.info("SSL set explicit protocol: '%s'", protocol) logger.info("SSL set explicit protocol: '%s'", protocol)
@ -204,6 +205,7 @@ class ParallelHTTPSServer(ParallelHTTPServer):
cipherlist.append(entry["name"]) cipherlist.append(entry["name"])
logger.info("SSL accepted ciphers: %s", ' '.join(cipherlist)) logger.info("SSL accepted ciphers: %s", ' '.join(cipherlist))
if cafile: if cafile:
logger.info("SSL enable mandatory client certificate verification using CA file='%s'", cafile)
context.load_verify_locations(cafile=cafile) context.load_verify_locations(cafile=cafile)
context.verify_mode = ssl.CERT_REQUIRED context.verify_mode = ssl.CERT_REQUIRED
self.socket = context.wrap_socket( self.socket = context.wrap_socket(