startTLS: support Let's Encrypt certificates

2025-02-20 13:06:49 +00:00 · 2019-02-04 18:07:18 +01:00 · 2019-02-04 18:07:18 +01:00 · fe11e66b29
commit fe11e66b29
parent 09b035e57d
1 changed files with 13 additions and 6 deletions
--- a/syncplay/server.py
+++ b/syncplay/server.py
@ -5,6 +5,7 @@ import os
 import random
 import time
 from string import Template
+from OpenSSL import crypto

 from twisted.enterprise import adbapi
 from twisted.internet import task, reactor, ssl
@ -20,7 +21,7 @@ from syncplay.utils import RoomPasswordProvider, NotControlledRoom, RandomString
 class SyncFactory(Factory):
    def __init__(self, port='', password='', motdFilePath=None, isolateRooms=False, salt=None,
                 disableReady=False, disableChat=False, maxChatMessageLength=constants.MAX_CHAT_MESSAGE_LENGTH,
-                 maxUsernameLength=constants.MAX_USERNAME_LENGTH, statsDbFile=None, tlsCert=None):
+                 maxUsernameLength=constants.MAX_USERNAME_LENGTH, statsDbFile=None, tlsCertPath=None):
        self.isolateRooms = isolateRooms
        print(getMessage("welcome-server-notification").format(syncplay.version))
        self.port = port
@ -49,12 +50,18 @@ class SyncFactory(Factory):
        else:
            self._statsDbHandle = None
        self.options = None
-        if tlsCert is not None:
+        if tlsCertPath is not None:
            try:
-                with open(tlsCert) as f:
-                    certData = f.read()
-                cert = ssl.PrivateCertificate.loadPEM(certData).options()
-                self.options = cert
+                privkey=open(tlsCertPath+'/privkey.pem', 'rt').read()
+                certif=open(tlsCertPath+'/cert.pem', 'rt').read()
+                chain=open(tlsCertPath+'/chain.pem', 'rt').read()
+
+                privkeypyssl=crypto.load_privatekey(crypto.FILETYPE_PEM,privkey)
+                certifpyssl=crypto.load_certificate(crypto.FILETYPE_PEM,certif)
+                chainpyssl=[crypto.load_certificate(crypto.FILETYPE_PEM,chain)]
+
+                contextFactory=ssl.CertificateOptions(privateKey=privkeypyssl,certificate=certifpyssl,extraCertChain=chainpyssl)
+                self.options = contextFactory
            except Exception as e:
 	            print(e)
 	            print("Cannot import certificate. TLS support not enabled.")