Wiki Navigation

SslCherry?

SslCherry? is a simple one-page python file that integrates the python package M2Crypto with CherryPy to provide HTTPS support.

Usage

from cherrypy import cpg
import sslcherry

...

cpg.root = Root()
sslcherry.start(configFile='foo.conf')

Your config file should contain something like this:

[server]
sslKeyFile=foo.pem

Where "foo.pem" is a file containing your private key and certificate, in the same format that apache uses.

Security

To quote from the M2Crypto README file:

M2Crypto's handling of active hostile input is probably suspect.

Please consider the implications of this for your site. If you fell uncomfortable about it, consider running BehindApache instead. Even though I wrote this module, I am considering not using it in production.

Bugs

The URLs given in cpg.request.base and cpg.request.browserUrl still start with "http://" instead of the correct "https://".
Unix domain sockets are not supported.
SSL error handling is not done well.
M2Crypto does not currently appear to support (or compile for) Python 2.4.

Attachments

sslcherry.3.py (2.7 kB) -v3: Fix SSL error handling so that it doesn't terminate/lock-up the server, added by Tim Evans <t.evans-cp@aranz.com> on 03/17/07 15:22:42.

Download in other formats:

Plain Text