authorJason R. Coombs <jaraco@jaraco.com>2016-04-30 10:38:57 -0400
committerJason R. Coombs <jaraco@jaraco.com>2016-04-30 10:38:57 -0400
commitb0da3ad4f852d58402532c9fc016f480243cb8c8 (patch)
treed8a884812073627fe4d3a2541da601d6ddcbcce9
parenta787c3ef611cb905dc7684eae9530c714fe0b8d7 (diff)
parentd61e4dca0c140e74736bab8a1886769919ccde6d (diff)
downloadcherrypy-b0da3ad4f852d58402532c9fc016f480243cb8c8.tar.gz
Merge https://bitbucket.org/cherrypy/cherrypy/pull-requests/97. Fixes #1202.
-rw-r--r--CHANGES.txt6
-rw-r--r--cherrypy/wsgiserver/ssl_builtin.py6
2 files changed, 11 insertions, 1 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 291f8c9a..a3c62069 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,9 @@
+5.2.1
+-----
+
+* #1202: Add support for specifying a certificate authority when
+ serving SSL using the built-in SSL support.
+
5.2.0
-----
diff --git a/cherrypy/wsgiserver/ssl_builtin.py b/cherrypy/wsgiserver/ssl_builtin.py
index 2c74ad84..4827b424 100644
--- a/cherrypy/wsgiserver/ssl_builtin.py
+++ b/cherrypy/wsgiserver/ssl_builtin.py
@@ -33,6 +33,9 @@ class BuiltinSSLAdapter(wsgiserver.SSLAdapter):
private_key = None
"""The filename of the server's private key file."""
+
+ certificate_chain = None
+ """The filename of the certificate chain file."""
def __init__(self, certificate, private_key, certificate_chain=None):
if ssl is None:
@@ -51,7 +54,8 @@ class BuiltinSSLAdapter(wsgiserver.SSLAdapter):
s = ssl.wrap_socket(sock, do_handshake_on_connect=True,
server_side=True, certfile=self.certificate,
keyfile=self.private_key,
- ssl_version=ssl.PROTOCOL_SSLv23)
+ ssl_version=ssl.PROTOCOL_SSLv23,
+ ca_certs=self.certificate_chain)
except ssl.SSLError:
e = sys.exc_info()[1]
if e.errno == ssl.SSL_ERROR_EOF:
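Review bot: `ca_certs=self.certificate_chain` in the `ssl.wrap_socket` call hands the file to the ssl module as its set of trusted CA certificates, which is a broader role than the "certificate chain file" that the new attribute docstring in the first ssl_builtin.py hunk describes. Because `cert_reqs` is not passed, no client certificate is requested, so the effect today is presumably limited to OpenSSL completing the served chain from that store. If client verification is enabled later, every certificate in this file would be accepted as a trust anchor without anyone having decided that. I would say so on the attribute, for example `"""The filename of the certificate chain file; it is passed to ssl as ca_certs, so its certificates are also loaded as trusted CAs."""`. The method containing this call starts and ends outside the hunk, so the rest of the handshake error handling is not visible here.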