Add SSL Support

[kyeatman74]

Growler would benefit from supporting SSL and HTTPS connections.

[akubera]

The asyncio sockets provide support for SSL connections (given certificate information), so Growler should already support it automatically. Pass an ssl_context to app.create_server, similar to this guide and it should work.

ssl_ctx = ssl.create_default_context(...)
... # setup ssl
app.create_server(host='0.0.0.0', port=443, ssl=ssl_ctx)

The same app can be the target for both secure and insecure servers, and you can check if the incoming request is using http or https is req.protocol property will return 'http' or 'https' (mimicking expressjs)

[kyeatman74]

Andrew,

I was able to get most if it to work fine since the ssl is a pass-through as you suggested. I did have to override the write_eof method of HTTPResponse as the SSL socket is just a little different. I also had to override get_body in HTTPRequest to make it all work. I would also suggest exposing the getpeercert method of the ssl socket to make it a little easier for the users. They are really small changes but it would remove having to override the classes for something small.

Thanks, Ken

On Feb 27, 2017, at 2:59 PM, Andrew notifications@github.com wrote:

The asyncio sockets provide support for SSL connections (given certificate information), so Growler should already support it automatically. Pass an ssl_context to app.create_server, similar to this guide https://pymotw.com/3/asyncio/ssl.html and it should work.

ssl_ctx = ssl.create_default_context(...) ... # setup ssl app.create_server(host='0.0.0.0', port=443, ssl=ssl_ctx) The same app can be the target for both secure and insecure servers, and you can check if the incoming request is using http or https is req.protocol https://github.com/pyGrowler/Growler/blob/dev/growler/http/request.py#L123 property will return 'http' or 'https' (mimicking expressjs http://expressjs.com/en/4x/api.html#req.protocol)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pyGrowler/Growler/issues/17#issuecomment-282834654, or mute the thread https://github.com/notifications/unsubscribe-auth/ADSrgVv3-w9Qs2ZNKZv5oZN87MuGz-b7ks5rgysRgaJpZM4MNYWf.

[akubera]

Ok, I added some tests for SSL server support, exposed peercert via a property on HTTPRequest, and fixed the write_eof() method on response (that whole thing needs re-worked anyways, as connection: keep-alive isn't really supported).

In regards to the get_body method, I think I removed that in favor of a 'body' coroutine - that method couldn't work as I wanted it to, please check if data = await req.body() works.

Hope that helps.

[kyeatman74]

Andrew,

Thanks for the quick update!  I will check out the changes today and let you know if I have any problems.   Thanks again for all the work on the module and I look forward to using it for a number of projects.

Ken

On Mar 11, 2017, at 9:49 PM, Andrew notifications@github.com wrote:

Ok, I added some tests for SSL server support, exposed peercert via a property on HTTPRequest, and fixed the write_eof() method on response (that whole thing needs re-worked anyways, as connection: keep-alive isn't really supported).

In regards to the get_body method, I think I removed that in favor of a 'body' coroutine - that method couldn't work as I wanted it to, please check if data = await req.body() works.

Hope that helps.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pyGrowler/Growler/issues/17#issuecomment-285917703, or mute the thread https://github.com/notifications/unsubscribe-auth/ADSrgdvtbycTFna5ITRVglaGP7YiiMhVks5rk10jgaJpZM4MNYWf.