klemek/stapler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: use servername callback instead of sni callback
Python Lint CI / ruff (push) Successful in 1m4s
Details
Python Lint CI / ruff-format-check (push) Successful in 1m4s
Details
Python Lint CI / ty (push) Successful in 1m5s
Details
Docker CI / docker-build (push) Has been cancelled
Details
Python Test CI / coverage (push) Has been cancelled
Details

Browse Source
This commit is contained in:
klemek
2026-05-09 12:25:36 +02:00
parent 04360b42d8
commit 3f0490ebc9
4 changed files with 20 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
stapler/cert_manager.py
+7 -2
View File
@@ -185,11 +185,16 @@ class CertManager:
return False
return self.__exists_certbot(host)
def sni_callback(
self, socket: ssl.SSLObject, host: str | None, _: ssl.SSLContext, /
def servername_callback(
self,
socket: ssl.SSLSocket | ssl.SSLObject,
host: str | None,
_: ssl.SSLSocket,
/,
) -> None | int:
if host is None:
return None
self.logger.debug("servername callback: %s", host)
if not self.exists(host) and not self.create_or_update(host):
return None
cert_file = self.get_cert(host)
stapler/server.py
+1 -1
View File
@@ -73,7 +73,7 @@ class StaplerServer:
)
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
server.socket = context.wrap_socket(server.socket, server_side=True)
context.sni_callback = self.cert_manager.sni_callback
context.set_servername_callback(self.cert_manager.servername_callback)
else:
server = http.server.ThreadingHTTPServer(
(
tests/test_cert_manager.py
+10 -8
View File
@@ -161,24 +161,26 @@ class TestRegistry(BaseTestCase):
lambda: self.cert_manager.get_key("example.com"),
)
def test_sni_callback_no_host(self) -> None:
def test_servername_callback_no_host(self) -> None:
self._make_self_signed("example.com")
with (
self.patch("ssl.create_default_context", count=0),
):
self.cert_manager.sni_callback(self.socket_mock, None, self.context_mock)
self.cert_manager.servername_callback(
self.socket_mock, None, self.context_mock
)
def test_sni_callback_fail(self) -> None:
def test_servername_callback_fail(self) -> None:
self._make_self_signed("example.com")
with (
self.patch("shutil.which", count=3),
self.patch("ssl.create_default_context", count=0),
):
self.cert_manager.sni_callback(
self.cert_manager.servername_callback(
self.socket_mock, "example.fr", self.context_mock
)
def test_sni_callback_create_context(self) -> None:
def test_servername_callback_create_context(self) -> None:
self._make_self_signed("example.com")
with (
self.patch("ssl.create_default_context", return_value=self.context_mock),
@@ -191,18 +193,18 @@ class TestRegistry(BaseTestCase):
),
self.patch("shutil.which", count=0),
):
self.cert_manager.sni_callback(
self.cert_manager.servername_callback(
self.socket_mock, "example.com", self.context_mock
)
def test_sni_callback_create_context_fail(self) -> None:
def test_servername_callback_create_context_fail(self) -> None:
self._make_self_signed("example.com")
with (
self.patch("ssl.create_default_context", return_value=self.context_mock),
self.patch("shutil.which", count=0),
):
self.context_mock.load_cert_chain.side_effect = Exception
self.cert_manager.sni_callback(
self.cert_manager.servername_callback(
self.socket_mock, "example.com", self.context_mock
)
self.context_mock.load_cert_chain.assert_called_once_with(
tests/test_server.py
+2 -1
View File
@@ -65,7 +65,7 @@ class TestStaplerServer(BaseTestCase):
def test_run_https(self) -> None:
self.token_manager.detect_file_change.side_effect = KeyboardInterrupt
self.cert_manager.sni_callback = unittest.mock.Mock()
self.cert_manager.servername_callback = unittest.mock.Mock()
with (
self.mock_call(self.registry.load_pages),
self.mock_call(self.cert_manager.init),
@@ -74,6 +74,7 @@ class TestStaplerServer(BaseTestCase):
self.patch("ssl.create_default_context", return_value=self.context_mock),
self.patch("http.server.ThreadingHTTPServer", self.server_mock, 2),
self.mock_call_unchecked(self.context_mock.wrap_socket),
self.mock_call_unchecked(self.context_mock.set_servername_callback),
self.mock_calls_unchecked(self.server_mock.serve_forever, 2),
self.mock_call(self.server_mock.shutdown),
self.seal_mocks(),