Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide clear documentation or possibility (if does not exist yet) on usage of pem file with both certificate and private key file inside #1802

Open
oleksiilv opened this issue Aug 15, 2019 · 1 comment
Labels

Comments

@oleksiilv
Copy link

@oleksiilv oleksiilv commented Aug 15, 2019

I'm submitting a ...

  • bug report
  • feature request
  • question about the decisions made in the repository

Do you want to request a feature or report a bug?
feature

What is the current behavior?
not documented, unspecified.
It seems to work if we specify the following, but it is not clear whether it is recommended and works as expected:

cherrypy.server.ssl_module = 'builtin'
cherrypy.server.ssl_certificate = pem_certificate_with_certificate_and_private_key
cherrypy.server.ssl_private_key = pem_certificate_with_certificate_and_private_key

or even just:

cherrypy.server.ssl_module = 'builtin'
cherrypy.server.ssl_certificate = pem_certificate_with_certificate_and_private_key

If the current behavior is a bug, please provide the steps to reproduce and if possible a screenshots and logs of the problem. If you can, show us your code.

N/A

What is the expected behavior?

possibility to use pem file with both certificate and private inside is specified and documented

What is the motivation / use case for changing the behavior?

Security is very important for web applications so it is better to have proofs from documentation that what is used is correct.
Developers are asking about such behavior, e.g.:
#1563 (comment)

Please tell us about your environment:

  • CherryPy version: 18.1.2
  • Python version: 3.6.5
  • OS: any
  • Browser: [all]

Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, e.g. stackoverflow, gitter, etc.)

N/A

@triage-new-issues triage-new-issues bot added the triage label Aug 15, 2019
@webknjaz
Copy link
Member

@webknjaz webknjaz commented Aug 15, 2019

Yeah, it's used like this even in tests too: https://github.com/cherrypy/cherrypy/blob/db0a8a6/cherrypy/test/helper.py#L435-L439

The code for TLS adapters is @ https://github.com/cherrypy/cheroot/tree/e03c3f5d362a7ac5d2517aabbc7b60b10fd83d1d/cheroot/ssl. CherryPy mostly just maps config values to their initializers.

If you have ideas on the docs improvements, feel free to send a PR against https://github.com/cherrypy/cherrypy/blob/db0a8a6/docs/deploy.rst#L174-L237

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.