I would like to pass an existing SSL Context to uvicorn.run()
. For example, I have a certificate that needs a password to load. Typically I would do that by setting up a context like so:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
# ... customize context even more
ssl_context.load_cert_chain(ssl_crt_path, keyfile=ssl_key_path, password=ssl_key_password)
The current options are limited to these kinds of advance scenarios and I'd like to avoid keep adding/requesting --ssl-xyz
options for each of those scenarios. I know I can decrypt the key before loading it into python, but I'm limited on the environment I need to deploy on since I'm given the encrypted key and the password via a secret.
Adding the ability to pass a ssl_context
to uvicorn.run
in python code that supersedes any of the ssl_*
settings if provided.
Example changes in uvicorn/config.py
:
@property
def is_ssl(self) -> bool:
return bool(self.ssl_keyfile or self.ssl_certfile)
@property
def is_ssl_context(self) -> bool:
return isinstance(self.ssl_context, ssl.SSLContext)
# ...
if self.is_ssl and not self.is_ssl_context:
self.ssl = create_ssl_context(
keyfile=self.ssl_keyfile,
certfile=self.ssl_certfile,
ssl_version=self.ssl_version,
cert_reqs=self.ssl_cert_reqs,
ca_certs=self.ssl_ca_certs,
ciphers=self.ssl_ciphers,
)
elif self.is_ssl_context:
self.ssl = self.ssl_context
else:
self.ssl = None
# ...
Searched source code to see if there was a way to pass a custom context to no avail.
Since ssl context is createe via python, it would not quite be supported via command line. Unless we want to get fancy. I can attempt to do a PR if permitted. Thanks!
Pay now to fund the work behind this issue.
Get updates on progress being made.
Maintainer is rewarded once the issue is completed.
You're funding impactful open source efforts
You want to contribute to this effort
You want to get funding like this too