Add --disable-ssl option to simple-server.py

This commit is contained in:
maxmcd 2018-06-06 12:42:07 -04:00 committed by Sebastian Dröge
parent bb56d6eab7
commit 83b9c4efd7
2 changed files with 22 additions and 24 deletions

View file

@ -5,9 +5,4 @@ RUN pip3 install --user websockets
WORKDIR /opt/
COPY . /opt/
RUN sed -i 's/sslctx.load_cert_chain(chain_pem, keyfile=key_pem)/pass/g' \
./simple-server.py
RUN sed -i 's/ssl=sslctx,//g' \
./simple-server.py
CMD python -u ./simple-server.py
CMD python -u ./simple-server.py --disable-ssl

View file

@ -22,6 +22,7 @@ parser.add_argument('--addr', default='0.0.0.0', help='Address to listen on')
parser.add_argument('--port', default=8443, type=int, help='Port to listen on')
parser.add_argument('--keepalive-timeout', dest='keepalive_timeout', default=30, type=int, help='Timeout for keepalive (in seconds)')
parser.add_argument('--cert-path', default=os.path.dirname(__file__))
parser.add_argument('--disable-ssl', default=False, help='Disable ssl', action='store_true')
options = parser.parse_args(sys.argv[1:])
@ -239,25 +240,27 @@ async def handler(ws, path):
finally:
await remove_peer(peer_id)
# Create an SSL context to be used by the websocket server
certpath = options.cert_path
print('Using TLS with keys in {!r}'.format(certpath))
if 'letsencrypt' in certpath:
sslctx = None
if not options.disable_ssl:
# Create an SSL context to be used by the websocket server
certpath = options.cert_path
print('Using TLS with keys in {!r}'.format(certpath))
if 'letsencrypt' in certpath:
chain_pem = os.path.join(certpath, 'fullchain.pem')
key_pem = os.path.join(certpath, 'privkey.pem')
else:
else:
chain_pem = os.path.join(certpath, 'cert.pem')
key_pem = os.path.join(certpath, 'key.pem')
sslctx = ssl.create_default_context()
try:
sslctx = ssl.create_default_context()
try:
sslctx.load_cert_chain(chain_pem, keyfile=key_pem)
except FileNotFoundError:
except FileNotFoundError:
print("Certificates not found, did you run generate_cert.sh?")
sys.exit(1)
# FIXME
sslctx.check_hostname = False
sslctx.verify_mode = ssl.CERT_NONE
# FIXME
sslctx.check_hostname = False
sslctx.verify_mode = ssl.CERT_NONE
print("Listening on https://{}:{}".format(*ADDR_PORT))
# Websocket server