Commits

Anonymous committed 9861729

Changed page WhatsNewIn32

Comments (0)

Files changed (1)

WhatsNewIn32.wiki

 
 == wsgiserver ==
 
-We now support Python's builtin `ssl` module, in addition to the former `pyOpenSSL`, and there is an established `SSLAdapter` interface for hooking up other SSL libraries. See UpgradeTo32#SSLchanges for more details. In addition, the `pyOpenSSL` adapter sports a new `context` configuration method, which you can set to an instance of `SSL.Context` for more advanced settings. See the `pyOpenSSL` documentation for all the options. It also accepts a `certificate_chain` argument, the filename of CA's intermediate certificate bundle. This is needed for cheaper "chained root" SSL certificates, and should be left as None if not required.
+We now support Python's builtin `ssl` module, in addition to the former `pyOpenSSL`, and there is an established `SSLAdapter` API for hooking up other SSL libraries.
+
+In !CherryPy 3.1, you could tell the wsgiserver to use SSL by setting a couple of configuration entries like so:
+
+{{{
+server.ssl_certificate = <filename>
+server.ssl_private_key = <filename>
+}}}
+
+If you wish to continue using pyOpenSSL using the syntax above, nothing has changed.
+
+To use Python's builtin `ssl` module instead, add the line:
+
+{{{
+    server.ssl_module = 'builtin'
+}}}
+
+In addition, the `pyOpenSSL` adapter sports a new `context` configuration method, which you can set to an instance of `SSL.Context` for more advanced settings. See the `pyOpenSSL` documentation for all the options. It also accepts a `certificate_chain` argument, the filename of CA's intermediate certificate bundle. This is needed for cheaper "chained root" SSL certificates, and should be left as None if not required.
 
 Open sockets are no longer inherited by child processes (thanks nicolas grilly). See #856 for more details.