From d26d79c18258e9e7a76003e0d1409e42f1df7451 Mon Sep 17 00:00:00 2001
From: Adam Hopkins <adam@amhopkins.com>
Date: Wed, 23 Feb 2022 10:01:12 +0200
Subject: [PATCH] Add TLS password to config

---
 sanic/config.py     | 2 ++
 sanic/http/http3.py | 7 ++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/sanic/config.py b/sanic/config.py
index f213f5c9..d0245c1d 100644
--- a/sanic/config.py
+++ b/sanic/config.py
@@ -41,6 +41,7 @@ DEFAULT_CONFIG = {
     "REQUEST_MAX_SIZE": 100000000,  # 100 megabytes
     "REQUEST_TIMEOUT": 60,  # 60 seconds
     "RESPONSE_TIMEOUT": 60,  # 60 seconds
+    "TLS_CERT_PASSWORD": "",
     "USE_UVLOOP": _default,
     "WEBSOCKET_MAX_SIZE": 2**20,  # 1 megabyte
     "WEBSOCKET_PING_INTERVAL": 20,
@@ -87,6 +88,7 @@ class Config(dict, metaclass=DescriptorMeta):
     REQUEST_TIMEOUT: int
     RESPONSE_TIMEOUT: int
     SERVER_NAME: str
+    TLS_CERT_PASSWORD: str
     USE_UVLOOP: Union[Default, bool]
     WEBSOCKET_MAX_SIZE: int
     WEBSOCKET_PING_INTERVAL: int
diff --git a/sanic/http/http3.py b/sanic/http/http3.py
index 3d1b2b56..b954566f 100644
--- a/sanic/http/http3.py
+++ b/sanic/http/http3.py
@@ -188,9 +188,10 @@ def get_config(app: Sanic, ssl: SSLContext):
         is_client=False,
         max_datagram_frame_size=65536,
     )
-    # TODO:
-    # - add password kwarg, read from config.TLS_CERT_PASSWORD
-    config.load_cert_chain(ssl.sanic["cert"], ssl.sanic["key"])
+    password = app.config.TLS_CERT_PASSWORD or None
+    config.load_cert_chain(
+        ssl.sanic["cert"], ssl.sanic["key"], password=password
+    )
 
     return config