GaretJax/listen.py

## listen.py
reactor.listenSSL(
    port=443,
    factory=server_factory,
    contextFactory=SNICallbackSSLFactory(RedisCertsStore()),
)

## ssl_context_factory.py
@implementer(IOpenSSLServerConnectionCreator)
class SNICallbackSSLFactory(object):
    def __init__(self, certs_store):
        self.certs_store = certs_store

    def _buildContext(self):
        context = ssl.Context(ssl.SSLv23_METHOD)
        context.set_options(ssl.OP_NO_SSLv2)
        return context

    @defer.inlineCallbacks
    def _servername_received(self, connection):
        hostname = connection.get_servername()

        # connection.pause()

        cert, key = yield self.certs_store.get_cert_and_key(hostname)

        context = self._buildContext()
        context.use_privatekey(key)
        context.use_certificate(cert)
        connection.set_context(context)

        # connection.resume()

    def serverConnectionForTLS(self, tlsProtocol):
        context = self._buildContext()
        context.set_tlsext_servername_callback(self._servername_received)
        return ssl.Connection(context, None)
	reactor.listenSSL(
	port=443,
	factory=server_factory,
	contextFactory=SNICallbackSSLFactory(RedisCertsStore()),
	)
	@implementer(IOpenSSLServerConnectionCreator)
	class SNICallbackSSLFactory(object):
	def __init__(self, certs_store):
	self.certs_store = certs_store

	def _buildContext(self):
	context = ssl.Context(ssl.SSLv23_METHOD)
	context.set_options(ssl.OP_NO_SSLv2)
	return context

	@defer.inlineCallbacks
	def _servername_received(self, connection):
	hostname = connection.get_servername()

	# connection.pause()

	cert, key = yield self.certs_store.get_cert_and_key(hostname)

	context = self._buildContext()
	context.use_privatekey(key)
	context.use_certificate(cert)
	connection.set_context(context)

	# connection.resume()

	def serverConnectionForTLS(self, tlsProtocol):
	context = self._buildContext()
	context.set_tlsext_servername_callback(self._servername_received)
	return ssl.Connection(context, None)