From af216e3697cd45e92e3be0753137e08c86cb373f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Santos?= Date: Fri, 16 Nov 2018 23:32:21 +0000 Subject: [PATCH 1/2] Verify if certfile and keyfile are paths to actual files This allow to try to not use ssl if the key file path or the certificate file are broken. The files might be missing because the user intentionally removed them but didn't update the settings first. In that situation, this change won't make the app crash, the warning is logged and that way the user has the chance to update the settings. --- cps/server.py | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/cps/server.py b/cps/server.py index 59f20109..45718f0d 100644 --- a/cps/server.py +++ b/cps/server.py @@ -32,9 +32,14 @@ class server: def start_gevent(self): try: ssl_args = dict() - if web.ub.config.get_config_certfile() and web.ub.config.get_config_keyfile(): - ssl_args = {"certfile": web.ub.config.get_config_certfile(), - "keyfile": web.ub.config.get_config_keyfile()} + certfile_path = web.ub.config.get_config_certfile() + keyfile_path = web.ub.config.get_config_keyfile() + if certfile_path and keyfile_path: + if os.path.isfile(certfile_path) and os.path.isfile(keyfile_path): + ssl_args = {"certfile": certfile_path, + "keyfile": keyfile_path} + else: + web.app.logger.info('The specified paths for the ssl certificate file and/or key file seem to be broken. Ignoring ssl. Cert path: %s | Key path: %s' % (certfile_path, keyfile_path)) if os.name == 'nt': self.wsgiserver= WSGIServer(('0.0.0.0', web.ub.config.config_port), web.app, spawn=Pool(), **ssl_args) else: @@ -61,9 +66,14 @@ class server: else: try: web.app.logger.info('Starting Tornado server') - if web.ub.config.get_config_certfile() and web.ub.config.get_config_keyfile(): - ssl={"certfile": web.ub.config.get_config_certfile(), - "keyfile": web.ub.config.get_config_keyfile()} + certfile_path = web.ub.config.get_config_certfile() + keyfile_path = web.ub.config.get_config_keyfile() + if certfile_path and keyfile_path: + if os.path.isfile(certfile_path) and os.path.isfile(keyfile_path): + ssl_args = {"certfile": certfile_path, + "keyfile": keyfile_path} + else: + web.app.logger.info('The specified paths for the ssl certificate file and/or key file seem to be broken. Ignoring ssl. Cert path: %s | Key path: %s' % (certfile_path, keyfile_path)) else: ssl=None # Max Buffersize set to 200MB From c6a5ac7f25b3961e8f4d4cd42ee010cea7fe926e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Santos?= Date: Sat, 17 Nov 2018 00:28:34 +0000 Subject: [PATCH 2/2] Fix wrong variable usage --- cps/server.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cps/server.py b/cps/server.py index 45718f0d..c3dd3f28 100644 --- a/cps/server.py +++ b/cps/server.py @@ -70,8 +70,8 @@ class server: keyfile_path = web.ub.config.get_config_keyfile() if certfile_path and keyfile_path: if os.path.isfile(certfile_path) and os.path.isfile(keyfile_path): - ssl_args = {"certfile": certfile_path, - "keyfile": keyfile_path} + ssl = {"certfile": certfile_path, + "keyfile": keyfile_path} else: web.app.logger.info('The specified paths for the ssl certificate file and/or key file seem to be broken. Ignoring ssl. Cert path: %s | Key path: %s' % (certfile_path, keyfile_path)) else: