{"html_url": "https://github.com/simonw/datasette/issues/1221#issuecomment-1356639873", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1221", "id": 1356639873, "node_id": "IC_kwDOBm6k_c5Q3K6B", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-12-18T02:39:04Z", "updated_at": "2022-12-18T02:39:04Z", "author_association": "OWNER", "body": "I ended up moving this test out of Python and into a `bash` script here: https://github.com/simonw/datasette/commit/d1d369456a7319b9de39175605568cbc9b852478", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 806849424, "label": "Support SSL/TLS directly"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1221#issuecomment-777901052", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1221", "id": 777901052, "node_id": "MDEyOklzc3VlQ29tbWVudDc3NzkwMTA1Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-02-12T01:09:54Z", "updated_at": "2021-02-12T01:09:54Z", "author_association": "OWNER", "body": "I also tested this manually. I generated certificate files like so:\r\n\r\n    cd /tmp\r\n    python -m trustme\r\n\r\nThis created `/tmp/server.pem`, `/tmp/client.pem` and `/tmp/server.key`\r\n\r\nThen I started Datasette like this:\r\n\r\n    datasette --memory --ssl-keyfile=/tmp/server.key --ssl-certfile=/tmp/server.pem\r\n\r\nAnd exercise it using `curl` like so:\r\n\r\n    /tmp % curl --cacert /tmp/client.pem 'https://localhost:8001/_memory.json'\r\n    {\"database\": \"_memory\", \"path\": \"/_memory\", \"size\": 0, \"tables\": [], \"hidden_count\": 0, \"views\": [], \"queries\": [],\r\n    \"private\": false, \"allow_execute_sql\": true, \"query_ms\": 0.8843200000114848}\r\n\r\nNote that without the `--cacert` option I get an error:\r\n\r\n```\r\n/tmp % curl 'https://localhost:8001/_memory.json' \r\ncurl: (60) SSL certificate problem: Invalid certificate chain\r\nMore details here: https://curl.haxx.se/docs/sslcerts.html\r\n\r\ncurl failed to verify the legitimacy of the server and therefore could not\r\nestablish a secure connection to it. To learn more about this situation and\r\nhow to fix it, please visit the web page mentioned above.\r\n\r\n", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 806849424, "label": "Support SSL/TLS directly"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1221#issuecomment-777887190", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1221", "id": 777887190, "node_id": "MDEyOklzc3VlQ29tbWVudDc3Nzg4NzE5MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-02-12T00:29:18Z", "updated_at": "2021-02-12T00:29:18Z", "author_association": "OWNER", "body": "I can use this recipe to start a `datasette` server in a sub-process during the pytest run and exercise it with real HTTP requests: https://til.simonwillison.net/pytest/subprocess-server", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 806849424, "label": "Support SSL/TLS directly"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1221#issuecomment-777883452", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1221", "id": 777883452, "node_id": "MDEyOklzc3VlQ29tbWVudDc3Nzg4MzQ1Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-02-12T00:19:30Z", "updated_at": "2021-02-12T00:19:40Z", "author_association": "OWNER", "body": "Uvicorn supports these options: https://www.uvicorn.org/#command-line-options\r\n```\r\n  --ssl-keyfile TEXT              SSL key file\r\n  --ssl-certfile TEXT             SSL certificate file\r\n  --ssl-keyfile-password TEXT     SSL keyfile password\r\n  --ssl-version INTEGER           SSL version to use (see stdlib ssl module's)\r\n                                  [default: 2]\r\n\r\n  --ssl-cert-reqs INTEGER         Whether client certificate is required (see\r\n                                  stdlib ssl module's)  [default: 0]\r\n\r\n  --ssl-ca-certs TEXT             CA certificates file\r\n  --ssl-ciphers TEXT              Ciphers to use (see stdlib ssl module's)\r\n                                  [default: TLSv1]\r\n```\r\nFor the moment I'm going to support just `--ssl-keyfile` and `--ssl-certfile` as arguments to `datasette serve`. I'll add other options if people ask for them.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 806849424, "label": "Support SSL/TLS directly"}, "performed_via_github_app": null}