Resolving Issue #1202 by providing a certificate chain to ssl.wrap_socket

author: decontaminatoR <decontaminatoR> 2015-04-11 09:28:56 +0000
committer: decontaminatoR <decontaminatoR> 2015-04-11 09:28:56 +0000
commit: d61e4dca0c140e74736bab8a1886769919ccde6d (patch)
tree: decdbd656066a55cafec98293c54a75a4f8ab172
parent: 74e520bf74012c41bb85a22182a95d3262f03aab (diff)
download: cherrypy-d61e4dca0c140e74736bab8a1886769919ccde6d.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/cherrypy/wsgiserver/ssl_builtin.py b/cherrypy/wsgiserver/ssl_builtin.py
index 2c74ad84..4827b424 100644
--- a/cherrypy/wsgiserver/ssl_builtin.py
+++ b/cherrypy/wsgiserver/ssl_builtin.py
@@ -33,6 +33,9 @@ class BuiltinSSLAdapter(wsgiserver.SSLAdapter):
 
     private_key = None
     """The filename of the server's private key file."""
+    
+    certificate_chain = None
+    """The filename of the certificate chain file."""
 
     def __init__(self, certificate, private_key, certificate_chain=None):
         if ssl is None:
@@ -51,7 +54,8 @@ class BuiltinSSLAdapter(wsgiserver.SSLAdapter):
             s = ssl.wrap_socket(sock, do_handshake_on_connect=True,
                                 server_side=True, certfile=self.certificate,
                                 keyfile=self.private_key,
-                                ssl_version=ssl.PROTOCOL_SSLv23)
+                                ssl_version=ssl.PROTOCOL_SSLv23,
+                                ca_certs=self.certificate_chain)
         except ssl.SSLError:
             e = sys.exc_info()[1]
             if e.errno == ssl.SSL_ERROR_EOF:
author	decontaminatoR <decontaminatoR>	2015-04-11 09:28:56 +0000
committer	decontaminatoR <decontaminatoR>	2015-04-11 09:28:56 +0000
commit	d61e4dca0c140e74736bab8a1886769919ccde6d (patch)
tree	decdbd656066a55cafec98293c54a75a4f8ab172
parent	74e520bf74012c41bb85a22182a95d3262f03aab (diff)
download	cherrypy-d61e4dca0c140e74736bab8a1886769919ccde6d.tar.gz