diff options
Diffstat (limited to 'examples/sni/server.py')
-rw-r--r-- | examples/sni/server.py | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/examples/sni/server.py b/examples/sni/server.py deleted file mode 100644 index 891c6c5..0000000 --- a/examples/sni/server.py +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright (C) Jean-Paul Calderone -# See LICENSE for details. - -from __future__ import print_function - -from sys import stdout -from socket import SOL_SOCKET, SO_REUSEADDR, socket - -from OpenSSL.crypto import FILETYPE_PEM, load_privatekey, load_certificate -from OpenSSL.SSL import TLSv1_METHOD, Context, Connection - - -def load(domain): - crt = open(domain + ".crt") - key = open(domain + ".key") - result = ( - load_privatekey(FILETYPE_PEM, key.read()), - load_certificate(FILETYPE_PEM, crt.read())) - crt.close() - key.close() - return result - - -def main(): - """ - Run an SNI-enabled server which selects between a few certificates in a - C{dict} based on the handshake request it receives from a client. - """ - port = socket() - port.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1) - port.bind(('', 8443)) - port.listen(3) - - print('Accepting...', end="") - stdout.flush() - server, addr = port.accept() - print('accepted', addr) - - server_context = Context(TLSv1_METHOD) - server_context.set_tlsext_servername_callback(pick_certificate) - - server_ssl = Connection(server_context, server) - server_ssl.set_accept_state() - server_ssl.do_handshake() - server.close() - - -certificates = { - "example.invalid": load("example.invalid"), - "another.invalid": load("another.invalid"), -} - - -def pick_certificate(connection): - try: - key, cert = certificates[connection.get_servername()] - except KeyError: - pass - else: - new_context = Context(TLSv1_METHOD) - new_context.use_privatekey(key) - new_context.use_certificate(cert) - connection.set_context(new_context) - - -if __name__ == '__main__': - raise SystemExit(main()) |