Dynamic SSL certificate change question


Ram

Oct 3, 2021, 12:58:17 PM
to Tornado Web Server
Is there a way to dynamically change the SSL certificates in a running Tornado application? (After the IOLoop.start() has taken place?) - I would like to do this perhaps using a REST API trigger for example, or a simple callback.

Thanks,
--D

Ben Darnell

Oct 4, 2021, 8:52:34 AM
to Tornado Mailing List
I haven't tried this myself but I believe the way to do it is to keep a reference to the SSLContext you pass to the HTTPServer and then call its load_cert_chain method again whenever you want to update it. 

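import ssl
from tornado.ioloop import IOLoop
from tornado.web import Application

def main():
    # Module-level reference so reload_certs() can reach the live context.
    global ssl_ctx
    ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ssl_ctx.load_cert_chain(...)
    app = Application(...)
    app.listen(port, ssl_options=ssl_ctx)
    IOLoop.current().start()

def reload_certs():
    # Load the new chain into the same context the server was given.
    ssl_ctx.load_cert_chain(...)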

-Ben
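
The approach from the reply above, extended into an added example (not code from the thread or from Tornado itself): the new pair is first loaded into a throwaway context so an unreadable or mismatched cert/key is rejected before the live context is touched, and a periodic callback reloads only when the files change. The names CertReloader, reload_if_changed, serve, load_now and interval_ms are hypothetical.

```python
import os
import ssl


class CertReloader:
    """Owns the SSLContext given to Tornado and reloads its chain in place."""

    def __init__(self, certfile, keyfile, load_now=True):
        self.certfile, self.keyfile = certfile, keyfile
        self.ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
        self._seen = None  # (cert mtime, key mtime) of the pair last loaded
        if load_now:  # load_now is an assumption added for this example
            self.ctx.load_cert_chain(certfile, keyfile)
            self._seen = self._stamp()

    def _stamp(self):
        return (os.stat(self.certfile).st_mtime_ns,
                os.stat(self.keyfile).st_mtime_ns)

    def reload_if_changed(self):
        """Return True if a new, valid pair was loaded into the live context."""
        try:
            stamp = self._stamp()
            if stamp == self._seen:
                return False
            # Validate on a scratch context first, so a bad or half-written
            # pair never reaches the context that is serving traffic.
            scratch = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            scratch.load_cert_chain(self.certfile, self.keyfile)
        except (OSError, ssl.SSLError):
            return False  # keep serving the old certificate
        self.ctx.load_cert_chain(self.certfile, self.keyfile)
        self._seen = stamp
        return True


def serve(app, port, reloader, interval_ms=60_000):
    """Wire the reloader into a Tornado app (requires tornado)."""
    from tornado.ioloop import IOLoop, PeriodicCallback
    app.listen(port, ssl_options=reloader.ctx)
    PeriodicCallback(reloader.reload_if_changed, interval_ms).start()
    IOLoop.current().start()
```

Connections that are already established keep the certificate they negotiated; only handshakes that start after a successful reload see the new chain. If the reload is exposed through a request handler instead of a timer, that handler needs the same authentication as any other administrative endpoint.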
