SABnzbd Forums

Hi,

I have an issue that is not exactly a bug, but a missing feature.

In order to work correctly with some "official" (non-selfsigned) certificates, it can be necessary to provide the client with a set of intermediary CAs. This can't be configured in SABnzbd currently. It would require an equivalent to Apache's SSLCertificateChainFile Directive, see:

http://httpd.apache.org/docs/2.2/mod/mo ... echainfile

With that option, you could configure sab to use a free certificate from http://cert.startcom.org/ that is trusted by many current web browsers.

Regards,
sphere


Version: 0.5.0 beta 5
OS: Windows 7
Install type: Windows ZIP
reproducible: yes

Good idea. I must check if our internal webserver (CherryPy) supports this at all.
It won't make it into 0.5.0 Final.
Ticket: https://trac2.assembla.com/SABnzbd/ticket/368

great, thanks for picking up my suggestion.

and thanks for this great software project!

Just looked the issue up in CheryPy's documentation. It says:

In addition, the pyOpenSSL adapter sports a new context configuration method, which you can set to an instance of SSL.Context for more advanced settings. See the pyOpenSSL documentation for all the options. It also accepts a certificate_chain argument, the filename of CA's intermediate certificate bundle. This is needed for cheaper "chained root" SSL certificates, and should be left as None if not required.

Not sure if that's in the CherryPy release that we use.
Their 3.2.0RC1 release is (again) so incompatible with previous ones,
that we cannot use it yet.

If it's possible to vote for a feature, my vote is on this one.

Searched the forum for chain support and found this one..