(conf, default_ssl_context_factory)
| 220 | worker.log.info("worker received SIGABRT signal") |
| 221 | |
| 222 | def ssl_context(conf, default_ssl_context_factory): |
| 223 | import ssl |
| 224 | |
| 225 | # The default SSLContext returned by the factory function is initialized |
| 226 | # with the TLS parameters from config, including TLS certificates and other |
| 227 | # parameters. |
| 228 | context = default_ssl_context_factory() |
| 229 | |
| 230 | # The SSLContext can be further customized, for example by enforcing |
| 231 | # minimum TLS version. |
| 232 | context.minimum_version = ssl.TLSVersion.TLSv1_3 |
| 233 | |
| 234 | # Server can also return different server certificate depending which |
| 235 | # hostname the client uses. Requires Python 3.7 or later. |
| 236 | def sni_callback(socket, server_hostname, context): |
| 237 | if server_hostname == "foo.127.0.0.1.nip.io": |
| 238 | new_context = default_ssl_context_factory() |
| 239 | new_context.load_cert_chain(certfile="foo.pem", keyfile="foo-key.pem") |
| 240 | socket.context = new_context |
| 241 | |
| 242 | context.sni_callback = sni_callback |
| 243 | |
| 244 | return context |
nothing calls this directly
no test coverage detected