From c1902e4396103b3be9e95f05bad2363f2f76653d Mon Sep 17 00:00:00 2001
From: Calum Lind <calumlind+deluge@gmail.com>
Date: Fri, 11 Dec 2015 11:44:37 +0000
Subject: [PATCH] [#2782] [WebUI] Fix HTTPS negotiating incorrect cipher

---
 deluge/ui/web/server.py | 36 ++++++++++++++----------------------
 1 file changed, 14 insertions(+), 22 deletions(-)

diff --git a/deluge/ui/web/server.py b/deluge/ui/web/server.py
index 5ac6fb3c3..d4d49f37e 100644
--- a/deluge/ui/web/server.py
+++ b/deluge/ui/web/server.py
@@ -14,9 +14,10 @@ import mimetypes
 import os
 import tempfile
 
+from OpenSSL.crypto import FILETYPE_PEM
 from twisted.application import internet, service
 from twisted.internet import defer, error, reactor
-from twisted.internet.ssl import SSL
+from twisted.internet.ssl import SSL, Certificate, CertificateOptions, KeyPair
 from twisted.web import http, resource, server, static
 
 from deluge import common, component, configmanager
@@ -527,24 +528,6 @@ class TopLevel(resource.Resource):
                                debug=debug, base=request.base, js_config=js_config)
 
 
-class ServerContextFactory:
-
-    def __init__(self):
-        pass
-
-    def getContext(self):  # NOQA
-        """Creates an SSL context."""
-        ctx = SSL.Context(SSL.SSLv23_METHOD)
-        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
-        delugeweb = component.get("DelugeWeb")
-        log.debug("Enabling SSL using:")
-        log.debug("Pkey: %s", delugeweb.pkey)
-        log.debug("Cert: %s", delugeweb.cert)
-        ctx.use_privatekey_file(configmanager.get_config_dir(delugeweb.pkey))
-        ctx.use_certificate_chain_file(configmanager.get_config_dir(delugeweb.cert))
-        return ctx
-
-
 class DelugeWeb(component.Component):
 
     def __init__(self):
@@ -599,12 +582,21 @@ class DelugeWeb(component.Component):
 
     def start_normal(self):
         self.socket = reactor.listenTCP(self.port, self.site, interface=self.interface)
-        log.info("serving on %s:%s view at http://%s:%s", self.interface, self.port, self.interface, self.port)
+        log.info("Serving at http://%s:%s", self.interface, self.port)
 
     def start_ssl(self):
         check_ssl_keys()
-        self.socket = reactor.listenSSL(self.port, self.site, ServerContextFactory(), interface=self.interface)
-        log.info("serving on %s:%s view at https://%s:%s", self.interface, self.port, self.interface, self.port)
+        log.debug("Enabling SSL with PKey: %s, Cert: %s", self.pkey, self.cert)
+
+        with open(configmanager.get_config_dir(self.cert)) as cert:
+            certificate = Certificate.loadPEM(cert.read()).original
+        with open(configmanager.get_config_dir(self.pkey)) as pkey:
+            private_key = KeyPair.load(pkey.read(), FILETYPE_PEM).original
+        options = CertificateOptions(privateKey=private_key, certificate=certificate, method=SSL.SSLv23_METHOD)
+        options.getContext().set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
+
+        self.socket = reactor.listenSSL(self.port, self.site, options, interface=self.interface)
+        log.info("Serving at https://%s:%s", self.interface, self.port)
 
     def stop(self):
         log.info("Shutting down webserver")