Commit 6fe91e83 authored by Ales Mrazek's avatar Ales Mrazek

README.rst update

parent 9e03ff88
.. |date| date::
*******
JetConf
*******
*******************************
JetConf with disable SSL option
*******************************
**ssl** branch of **Jetconf** project allow you to disable SSL in *YAM* configuration file::
:Author: Pavel Špírek <pavel.spirek@nic.cz>
:Date: |date|
DISABLE_SSL: true
*JetConf* is an implementation of the RESTCONF_ protocol written in
Python 3. Main features:
and read header SSL ``x-ssl-client-cn`` to establish the user making the request.
* HTTP/2 over TLS, certificate-based authentication of clients
Http request will be made by user ``example@mail.cz`` which is added to header::
* JSON data encoding
# get root configuration data
curl --http2-prior-knowledge -H "x-ssl-client-cn: example@mail.cz" -X GET "http://localhost:8443/restconf/data"
* Per-user candidate datastores with transactions
This allows you to run Jetconf behind a load balancer like HAproxy, where you can terminate the TLS connection, add necessary headers and forward the http request to Jetconf.::
* Support for NACM_
# forward SSL headers to jetconf
http-request set-header X-SSL %[ssl_fc]
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn]
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
http-request set-header X-SSL-Issuer %{+Q}[ssl_c_i_dn]
http-request set-header X-SSL-Client-Not-Before %{+Q}[ssl_c_notbefore]
http-request set-header X-SSL-Client-Not-After %{+Q}[ssl_c_notafter]
Requirements
=============
*JetConf* requires Python 3.6 or newer::
$ sudo apt-get install python3
$ sudo apt-get install python3-pip
These requirements should be installed by running *Instalation*
::
colorlog
h2==3.0.1
pytz
PyYAML
yangson
Installation
============
*JetConf* can be installed by PyPI:
::
$ python3 -m pip install jetconf
Running
=======
Running *JetConf*
::
$ jetconf -c <path_to_config_file.yaml>
For development purposes, *JetConf* can also be started directly
from Git repository with run.py script:
::
$ ./run.py -c <path_to_config_file.yaml>
Example configuration (template)
================================
In the 'data' folder, there is an example template for
configuring paths, certificates etc.
::
example-config.yaml
In this configuration file, you have to modify all paths to match
your actual file locations.
Links
=====
* `Git repository`_
* `Documentation`_
.. _RESTCONF: https://tools.ietf.org/html/draft-ietf-netconf-restconf-18
.. _NACM: https://datatracker.ietf.org/doc/rfc6536/
.. _Git repository: https://github.com/CZ-NIC/jetconf
.. _Documentation: https://gitlab.labs.nic.cz/labs/jetconf/wikis/home
-----BEGIN CERTIFICATE-----
MIIDpTCCAo2gAwIBAgIUM1dLD/ul/7RZVgNFzvXiAKrWSgowDQYJKoZIhvcNAQEL
BQAwYjELMAkGA1UEBhMCQ1oxEzARBgNVBAgMClNvbWUtU3RhdGUxEzARBgNVBAoM
CkV4YW1wbGUgQ0ExETAPBgNVBAsMCGV4YWNhLmN6MRYwFAYDVQQDDA1tYWlsQGV4
YWNhLmN6MB4XDTE4MTIxMDExMzcyOVoXDTI4MTIwNzExMzcyOVowYjELMAkGA1UE
BhMCQ1oxEzARBgNVBAgMClNvbWUtU3RhdGUxEzARBgNVBAoMCkV4YW1wbGUgQ0Ex
ETAPBgNVBAsMCGV4YWNhLmN6MRYwFAYDVQQDDA1tYWlsQGV4YWNhLmN6MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+3Iz/BckIESoiWq1dZEdzx2X2ay
tf/XcBTzOnQ/ts0TVtZzI1TcrvuSMb8+3JGP1QgGahyarX4s8Tn6ECrnOM1dyzUi
1E3zx4+gq9JEH+7Xf9e8aGiKj/u1suomn+LJqQMOnbqqCBkR9ijHFrRBaO7so1Kv
poB9BxkJamvO7V+yqL9oxTDkkc0A5pkdxfCgIZzxkNe9/psQABBmJn/NcbtUFUDn
7yo3qyl8vyarGMqRFyxkZhSmL3pYhFQeVyf+JXyVskG+9VOrsK4QFduKFQO9kAqi
Vvw8yIk21r8CxH1S3mBtpr7p3wnhrxUd0pcxOmTcMVhHhriRHudNjt8+uQIDAQAB
o1MwUTAdBgNVHQ4EFgQUSp/mGd1v/ee9IMT2FK0GOpbUTyMwHwYDVR0jBBgwFoAU
Sp/mGd1v/ee9IMT2FK0GOpbUTyMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEASsj/mVooYxBBllJ5ZFCc9tQHLJEcJjCefVuqaS2uLirFm6deW0G+
D7wYOK0+OFKoEWpUeQ9qjWn/S2tqeUTVzeA6Qt0rkgVcIbJEpEnG+U+7gGeDwjWN
fouRm5nkuq5kwgEQhSYi/+Zai4smFhRhK5w9+5ks1m366wFc9bIZJBmn7L8jgS+j
iO5yHW501dUAhdRYuqdc2uu4QME+ylaXMPVb6e1zakDy7Zu0UGyUKxe2O2dNX5f2
eVQExJLL4HaxYqETRdG5YNZfmygcMpA2Be6d5W4ELO6P51W/zubpzgbl0iLX0BRt
6HGuj/P2lwjvm3MXA+68zr2k+vZkZBvflg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDGDCCAgACFFOGoQDT32VtJ6d2qBHVKOVe1Z+wMA0GCSqGSIb3DQEBCwUAMGIx
CzAJBgNVBAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMRMwEQYDVQQKDApFeGFt
cGxlIENBMREwDwYDVQQLDAhleGFjYS5jejEWMBQGA1UEAwwNbWFpbEBleGFjYS5j
ejAeFw0xODEyMTAxMTM5NTlaFw0yODEyMDcxMTM5NTlaMC8xDTALBgNVBAMMBFRl
c3QxHjAcBgkqhkiG9w0BCQEWD2V4YW1wbGVAbWFpbC5jejCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMA1oAEwbEajmpBykmEf9vU9kubXvlRumr4gBCWB
HxpTPZgPDX0JzRch6/mtaVXnw1XAeyUnWzyMEGqfF7+vruZi6mVEd6hfQgRVhBVJ
6Y69PrCP/YntwxMWABRrD2Qct7IUqZYuJugcmhPL06k+UDNdD/OpDTY5Aq/sHJAR
SFjJhueGH13DhR23+iC15h1LOP2a17d66SXplFOgH42ewPdPyqx6tGvN7qs76STh
25Vd8chKfYraIB4MOG99qF7T2L100MMTtBwM/rxGxJFtrEUc5Vntsl2s25V4H8L2
Wb8vXfrez5V6w0rqhJez2nDW4KLlflPRVZ094vOZ/UuebCUCAwEAATANBgkqhkiG
9w0BAQsFAAOCAQEAp6ej+KI0ewmCp54ih3dU1qWmRBDgubr1C7G8LbLm3oU5lZ+C
4BP43kkzlOwjTthwdPOaDO5dN0VxgnhueOex1NX4Pyj1jZsR5DKPDVDTauwhYD+5
OIVhX7eQadU9PE2ZpfefOEU/oyb9+TcuuRQrTXNAHcyml8PHX18lc+9bjdktvHm5
s9JDE9Xc6AsR1Mss6uPMncfZvri6rlZizaF3s3+jdoIRnyGDY9bMzrVzMwY2PYOp
4686PCGC2zQkcn3NcQMj/agr7zI5VMc1IcV8lcOAJoINHuXtQYm8vs8tFH8o6ce6
XYVx8aKna5+6t5zBk0LU6+yQjBgqceQw0LdBVg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDGDCCAgACFFOGoQDT32VtJ6d2qBHVKOVe1Z+wMA0GCSqGSIb3DQEBCwUAMGIx
CzAJBgNVBAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMRMwEQYDVQQKDApFeGFt
cGxlIENBMREwDwYDVQQLDAhleGFjYS5jejEWMBQGA1UEAwwNbWFpbEBleGFjYS5j
ejAeFw0xODEyMTAxMTM5NTlaFw0yODEyMDcxMTM5NTlaMC8xDTALBgNVBAMMBFRl
c3QxHjAcBgkqhkiG9w0BCQEWD2V4YW1wbGVAbWFpbC5jejCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMA1oAEwbEajmpBykmEf9vU9kubXvlRumr4gBCWB
HxpTPZgPDX0JzRch6/mtaVXnw1XAeyUnWzyMEGqfF7+vruZi6mVEd6hfQgRVhBVJ
6Y69PrCP/YntwxMWABRrD2Qct7IUqZYuJugcmhPL06k+UDNdD/OpDTY5Aq/sHJAR
SFjJhueGH13DhR23+iC15h1LOP2a17d66SXplFOgH42ewPdPyqx6tGvN7qs76STh
25Vd8chKfYraIB4MOG99qF7T2L100MMTtBwM/rxGxJFtrEUc5Vntsl2s25V4H8L2
Wb8vXfrez5V6w0rqhJez2nDW4KLlflPRVZ094vOZ/UuebCUCAwEAATANBgkqhkiG
9w0BAQsFAAOCAQEAp6ej+KI0ewmCp54ih3dU1qWmRBDgubr1C7G8LbLm3oU5lZ+C
4BP43kkzlOwjTthwdPOaDO5dN0VxgnhueOex1NX4Pyj1jZsR5DKPDVDTauwhYD+5
OIVhX7eQadU9PE2ZpfefOEU/oyb9+TcuuRQrTXNAHcyml8PHX18lc+9bjdktvHm5
s9JDE9Xc6AsR1Mss6uPMncfZvri6rlZizaF3s3+jdoIRnyGDY9bMzrVzMwY2PYOp
4686PCGC2zQkcn3NcQMj/agr7zI5VMc1IcV8lcOAJoINHuXtQYm8vs8tFH8o6ce6
XYVx8aKna5+6t5zBk0LU6+yQjBgqceQw0LdBVg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwDWgATBsRqOakHKSYR/29T2S5te+VG6aviAEJYEfGlM9mA8N
fQnNFyHr+a1pVefDVcB7JSdbPIwQap8Xv6+u5mLqZUR3qF9CBFWEFUnpjr0+sI/9
ie3DExYAFGsPZBy3shSpli4m6ByaE8vTqT5QM10P86kNNjkCr+wckBFIWMmG54Yf
XcOFHbf6ILXmHUs4/ZrXt3rpJemUU6AfjZ7A90/KrHq0a83uqzvpJOHblV3xyEp9
itogHgw4b32oXtPYvXTQwxO0HAz+vEbEkW2sRRzlWe2yXazblXgfwvZZvy9d+t7P
lXrDSuqEl7PacNbgouV+U9FVnT3i85n9S55sJQIDAQABAoIBAQCm62sC3VyKk/Xc
z8LTWgELxOdYVa/SfyMfTYqMT3AFWpi4/wmFtwdGuYzGjZRWqCj4xWmsQFt5X2G6
VmM3coh/RxOr0iPgMqmQPfuwyTltXmecyc8zAypP3uE+2iLJnC7jFhKYe4gKNxyP
aIluBtF7aaw6vGre1e/Be1jqvDeJ8iVtqH7sGLJjAUY2rLrxa7MZGbdSKuwYwyTR
dtbOM2aQhRczMwXnuBMd8Mn1B9RicFvtYdawfuKpnmid9J/b1Nw2tdlvtAYYiFVL
+WOcB5Y1wZxROzdGKHGQ1tiP02MJ+0yvdTgOKHl+kxDFJNdaIq0pKiK21WyzRWNV
FT4YIQRBAoGBAPqt/tlNyaH447hZUXs1w/2qaWoF0FAKsROabTvqqhwtAt3mH/7w
hpqHndGRm4W3Jcb+/IwUm28bP1/LiPxVrah9tAMqOJi9PRwtfzNYC2kt+qHi/0+X
WQtUZ3DzXR5z3PW4kPpMVrlE0ekTBhFuVEHGP59dl745O6P7lUFSc64tAoGBAMRJ
8k5KhiRnA7JPeI+5dzdqxunifJvzU6VOu3mGEYbJ8TPgzTkwZ57jFuZ1MWd/wfwS
NZc0But7nK4yD3jWWGnA6veC+JHfX1PTSkyotpuWVqf0lv8C9j89zDnL617XIvx3
FYwULcPy8zbFU3jJrqQrl1xjm2hELjBZIMdR8+jZAoGAcJHuHbtWzousBz7k3kV4
q9L434mY0Djc6AazAvMQTPLRlMAgoiV07LP15QRUKKnkJwaednFSk4RS4zvNWjNH
dqBsU/eDzuM8LAkqU+43wZXKNSRwrlcyv2m5wfknWeOB2D53rE7Xqv8CnH3UfcNj
xt21+GTZHa0p4Su7DMhv9kkCgYBn2sQkXlPZINQY3OlqCfQk0w8JonbRwI2qMh0J
MEFHssM28qNCtfStYXO1XZ5VJ4iIiU3ngXSD1XRRylTbV3WSBquLZ7WC4M+8N1fh
dYagjYut88CMjpGhZl4O2nDfTi7Jq2wwIGESgxHiEceXagZIAHRmQqFwKlrR4+Zu
71KBCQKBgBf6fLXyHSnNaHbp7rnHiwks7I5VplSkVMNjy1FVW4dKdXWdDqH0T7M3
8R5+LXeN7FrYwDeB28T87WrelG1jz9mzhpn+cInVWN9yoaajr3D3AHKCr1i9fJwp
FyOZfmMjivpeaHud1QVsaKe6SthmyvOmIKY4GXTjXv+05TzCSQZl
-----END RSA PRIVATE KEY-----
......@@ -4,9 +4,9 @@ GLOBAL:
PIDFILE: "/tmp/jetconf.pid"
PERSISTENT_CHANGES: false
LOG_LEVEL: "debug"
LOG_DBG_MODULES: ["usr_conf_data_handlers", "knot_api", "nacm", "data"]
YANG_LIB_DIR: "/home/user/jetconf-conf/yang-data-jukebox/"
DATA_JSON_FILE: "/home/user/jetconf-conf/data.json.jb"
LOG_DBG_MODULES: ["usr_conf_data_handlers", "nacm", "data"]
YANG_LIB_DIR: "yang-modules"
DATA_JSON_FILE: "data.json"
BACKEND_PACKAGE: "jetconf_jukebox"
HTTP_SERVER:
......@@ -14,14 +14,8 @@ HTTP_SERVER:
DOC_DEFAULT_NAME: "index.html"
API_ROOT: "/restconf"
SERVER_NAME: "jetconf-h2"
SERVER_SSL_CERT: "/home/user/jetconf-conf/server_localhost.crt"
SERVER_SSL_PRIVKEY: "/home/user/jetconf-conf/server_localhost.key"
CA_CERT: "/home/user/jetconf-conf/ca.pem"
DBG_DISABLE_CERTS: false
DISABLE_SSL: true
DBG_DISABLE_CERTS: true
NACM:
ALLOWED_USERS: ["example@mail.cz"]
KNOT:
SOCKET: "/home/user/knot-conf/knot.sock"
example
\ No newline at end of file
-----BEGIN CERTIFICATE-----
MIIDUDCCAjigAwIBAgIUU4ahANPfZW0np3aoEdUo5V7Vn68wDQYJKoZIhvcNAQEL
BQAwYjELMAkGA1UEBhMCQ1oxEzARBgNVBAgMClNvbWUtU3RhdGUxEzARBgNVBAoM
CkV4YW1wbGUgQ0ExETAPBgNVBAsMCGV4YWNhLmN6MRYwFAYDVQQDDA1tYWlsQGV4
YWNhLmN6MB4XDTE4MTIxMDExMzg0OVoXDTI4MTIwNzExMzg0OVowFDESMBAGA1UE
AwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytP5
jYFCv2r5FAzCAb2QU0QVP7UWJTUGeorHgME8UVj3gzqFpuQCWt5ueahNxMtvfaqn
J5ig9JWaXYd92A83TsMc/Bv0uaDp4sa6is+zC/n3HtUuXscc7ugteCop4O25HuB4
d7+tHc0RGS87oCvOQkrKx5DHY6sZ4PKbn3C/qQO0gxfQ87GctL0NwXTJlPve+rBM
KZDhxto/963rb5mbQx6kdC3voW/Xl0QJrV8RR0ky/kQ/mxuBmWob0HPLD9f/DVdX
iIJvJDH7N6JOhot8pngAoCPnWPlmGzxanmT5oiRNRhVBBbtEgxu3eqwwL5ZLmmTB
Rs86ur9ThykXm4ZWlwIDAQABo0wwSjAfBgNVHSMEGDAWgBRKn+YZ3W/9570gxPYU
rQY6ltRPIzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAPBgNVHREECDAGhwR/AAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQB42T0Z4tVIQESQtDxjIEvz2D5EgNEs6FLvRcYB
eIu/LlEDSCqC3iiWmMAiXgnXl4AsRKrdM2QBGBzh6HUoGsXEo4nhIsf5f3CEvfKg
MEIDEriYD3O7llib/hXkDrukLB+N3ULjdb6h9AC0LNr5RKEU5nEmqvI/zQwJU/8N
veh0EnTvXWdrKLjG9gzyamPomwVe+HVGkW+ZzmqawWo+1b8O6Nz8wScVputtCbsb
woxZp8l8mjcm/yYrWQLQ61PySZVJ11o0GaTnSGFfWvVE6LGim+ArP//Kh/pwcjad
rTc3BkDfR4Ukg/CvG2hAz8X5xh/1KroCYOg2u5sVewJuddrc
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAytP5jYFCv2r5FAzCAb2QU0QVP7UWJTUGeorHgME8UVj3gzqF
puQCWt5ueahNxMtvfaqnJ5ig9JWaXYd92A83TsMc/Bv0uaDp4sa6is+zC/n3HtUu
Xscc7ugteCop4O25HuB4d7+tHc0RGS87oCvOQkrKx5DHY6sZ4PKbn3C/qQO0gxfQ
87GctL0NwXTJlPve+rBMKZDhxto/963rb5mbQx6kdC3voW/Xl0QJrV8RR0ky/kQ/
mxuBmWob0HPLD9f/DVdXiIJvJDH7N6JOhot8pngAoCPnWPlmGzxanmT5oiRNRhVB
BbtEgxu3eqwwL5ZLmmTBRs86ur9ThykXm4ZWlwIDAQABAoIBAG24FXsSvYTG3U6X
SCug2/3vCn+X+g7OjF6lzB4+ad6nfd0jP0F0fkGhqalt/gPC+ODF+/5Tdl5Yv1Rx
AwZp1MVqjrdieBQik+L1FdwZVwXXhnLLZ3Ylx+UE+/PQ+y6N6mJlk0VUDtXcJK+2
+U4/5CfARcmG7BVibXFeTAkH+OX4AFz8sXZfFM0RrlFNibQ4286tSxeGSYji0Clr
X5uWhNdlCO8pO8S4+/jkiHwHdaFp4W2YNwffjApbyWgzJ52DUjbSvk+HIj0f/pJr
Hl22x5tFdHjXm3CV9/G6QIEdfjqw29YA3K5lqBicPB3W3p+t5ae7LdOTJfyrUR43
zxZg84ECgYEA7hWkRl5umAY0UFUEcexzcduWEBEbH0A4X880/IC/m1o4zjD+5aJE
7gy2xnBE0bjBOcYzX+xxG3+I6DszhziIsd1I3lbpXyems9oMMY4DEeTwhH7cUssb
2MfPUbHTBBv7zaNmxei4rqkDKZuKao+rIWrX0j5ypyiZODoDQXwpeEcCgYEA2hcq
tO8WZfZhQoAF+CeaxHhu4Z/jQH7cJ/3BkcoJryow9lKI0ZJp2IPRcrhZ+8nODgT1
QYqDUblZpmXC8CivHLRljQVO4BDcw1kCrtRj/A6kZlW0J1eGM9+6qMX+0/z+e5mT
+YtjanOc1pY8V47JXFiAj2Cf3XyXhY4SlxTgpzECgYEAjiF1VF0DgNYTXPGkGa6i
rJH+X9EWc+2OugOlCiiCOmf+CXnOcaARrlsAsi5Lpze4gpkECnvIejYEsT7GYC8r
y6Li4XjZEOlG54+AQAUbaA9YVoC1XufJ0/xUk9yosIdUJ0spC3UG654SOUCVvU/P
Rb/W37hQEeJ2tc5MK0fIKfkCgYEAjlIv/INKCqAOOGdzfc3aofw13+eHVb9zzGU8
vPcr+rN94EFcJ+d0S2c6d7L2hencHin+IxdROzPJ3VzrKe5i2EihPLYKEw7uAk1E
AvN3jDXB80ZampHzcka+eQU8lvqy19YRSvg7mGx6HU9NcZYssabPvsE/kjqMZwuf
9hgZwwECgYARhSmOij7ftetPgAXWl94B/L1ynVjEwendUnvTYHeLQ4CHgJRweBGP
GNjdGiOB+Gfrqeugznq2FvdaIAaomwEfzLEv8wBkwV2YGvN0Mn1JPKPnI7SRNBwI
qBQq1IaFWqFtX0u3Fp304jPKbDJeZ/OxSw5XmjwPVZaAs98sgMFaMA==
-----END RSA PRIVATE KEY-----
......@@ -3,6 +3,7 @@ import yaml
from colorlog import info
from yaml.parser import ParserError
from yaml.loader import SafeLoader
CFG = None # type: JcConfig
......@@ -33,7 +34,6 @@ class JcConfig:
"UPLOAD_SIZE_LIMIT": 1,
"LISTEN_LOCALHOST_ONLY": False,
"PORT": 8443,
"SERVER_SSL_CERT": "server.crt",
"SERVER_SSL_PRIVKEY": "server.key",
"DISABLE_SSL": False,
......@@ -76,7 +76,7 @@ class JcConfig:
def load_file(self, file_path: str) -> bool:
with open(file_path) as conf_fd:
try:
conf_yaml = yaml.load(conf_fd)
conf_yaml = yaml.load(conf_fd, Loader=SafeLoader)
except ParserError as e:
raise ValueError(str(e))
......
......@@ -55,7 +55,6 @@ def get_username(client_cert: SSLCertT, headers: OrderedDict) -> str:
return CertHelpers.get_field(client_cert, "emailAddress")
class HttpRequestError(Exception):
pass
......
......@@ -10,7 +10,8 @@ from h2.config import H2Configuration
from h2.connection import H2Connection
from h2.errors import ErrorCodes as H2ErrorCodes
from h2.exceptions import ProtocolError
from h2.events import DataReceived, RequestReceived, RemoteSettingsChanged, StreamEnded, WindowUpdated, ConnectionTerminated
from h2.events import DataReceived, RequestReceived, RemoteSettingsChanged, \
StreamEnded, WindowUpdated, ConnectionTerminated
from . import config
from .helpers import SSLCertT, LogHelpers
......@@ -57,7 +58,6 @@ class H2Protocol(asyncio.Protocol):
self.transport = transport
self.client_cert = transport.get_extra_info("peercert")
if config.CFG.http["DISABLE_SSL"]:
self.conn.initiate_connection()
else:
......@@ -279,10 +279,12 @@ class RestServer:
# HTTP server init
if config.CFG.http["DISABLE_SSL"]:
ssl_context = None
warn("SSL Disabled")
else:
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.options |= (ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION)
ssl_context.load_cert_chain(certfile=config.CFG.http["SERVER_SSL_CERT"], keyfile=config.CFG.http["SERVER_SSL_PRIVKEY"])
ssl_context.load_cert_chain(certfile=config.CFG.http["SERVER_SSL_CERT"],
keyfile=config.CFG.http["SERVER_SSL_PRIVKEY"])
if ssl.HAS_ALPN:
ssl_context.set_alpn_protocols(["h2"])
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment