Merge pull request #382 from Nevon/ssl-key-passphrase

Add option for cert key password
2019-03-13 13:34:03 +01:00 · 2019-03-13 13:34:03 +01:00 · 6e09ec2548
parent c136ea2d34 92cb3d8355
commit 6e09ec2548
3 changed files with 8 additions and 5 deletions
--- a/tests/test_websockifyserver.py
+++ b/tests/test_websockifyserver.py
@ -271,7 +271,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
            def __init__(self, purpose):
                self.verify_mode = None
                self.options = 0
-            def load_cert_chain(self, certfile, keyfile):
+            def load_cert_chain(self, certfile, keyfile, password):
                pass
            def set_default_verify_paths(self):
                pass
@ -310,7 +310,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
            def __init__(self, purpose):
                self.verify_mode = None
                self.options = 0
-            def load_cert_chain(self, certfile, keyfile):
+            def load_cert_chain(self, certfile, keyfile, password):
                pass
            def set_default_verify_paths(self):
                pass
@ -351,7 +351,7 @@ class WebSockifyServerTestCase(unittest.TestCase):
            def __init__(self, purpose):
                self.verify_mode = None
                self._options = 0
-            def load_cert_chain(self, certfile, keyfile):
+            def load_cert_chain(self, certfile, keyfile, password):
                pass
            def set_default_verify_paths(self):
                pass
--- a/websockify/websocketproxy.py
+++ b/websockify/websocketproxy.py
@ -478,6 +478,8 @@ def websockify_init():
            help="SSL certificate file")
    parser.add_option("--key", default=None,
            help="SSL key file (if separate from cert)")
+    parser.add_option("--key-password", default=None,
+            help="SSL key password")
    parser.add_option("--ssl-only", action="store_true",
            help="disallow non-encrypted client connections")
    parser.add_option("--ssl-target", action="store_true",
--- a/websockify/websockifyserver.py
+++ b/websockify/websockifyserver.py
@ -340,7 +340,7 @@ class WebSockifyServer(object):

    def __init__(self, RequestHandlerClass, listen_fd=None,
            listen_host='', listen_port=None, source_is_ipv6=False,
-            verbose=False, cert='', key='', ssl_only=None,
+            verbose=False, cert='', key='', key_password=None, ssl_only=None,
            verify_client=False, cafile=None,
            daemon=False, record='', web='', web_auth=False,
            file_only=False,
@ -380,6 +380,7 @@ class WebSockifyServer(object):

        # keyfile path must be None if not specified
        self.key = None
+        self.key_password = key_password

        # Make paths settings absolute
        self.cert = os.path.abspath(cert)
@ -577,7 +578,7 @@ class WebSockifyServer(object):
                    if self.ssl_ciphers is not None:
                        context.set_ciphers(self.ssl_ciphers)
                    context.options = self.ssl_options
-                    context.load_cert_chain(certfile=self.cert, keyfile=self.key)
+                    context.load_cert_chain(certfile=self.cert, keyfile=self.key, password=self.key_password)
                    if self.verify_client:
                        context.verify_mode = ssl.CERT_REQUIRED
                        if self.cafile: