Add TLS password to config

sanic/config.py

@@ -41,6 +41,7 @@ DEFAULT_CONFIG = {
     "REQUEST_MAX_SIZE": 100000000,  # 100 megabytes
     "REQUEST_TIMEOUT": 60,  # 60 seconds
     "RESPONSE_TIMEOUT": 60,  # 60 seconds
+    "TLS_CERT_PASSWORD": "",
     "USE_UVLOOP": _default,
     "WEBSOCKET_MAX_SIZE": 2**20,  # 1 megabyte
     "WEBSOCKET_PING_INTERVAL": 20,
@@ -87,6 +88,7 @@ class Config(dict, metaclass=DescriptorMeta):
     REQUEST_TIMEOUT: int
     RESPONSE_TIMEOUT: int
     SERVER_NAME: str
+    TLS_CERT_PASSWORD: str
     USE_UVLOOP: Union[Default, bool]
     WEBSOCKET_MAX_SIZE: int
     WEBSOCKET_PING_INTERVAL: int

sanic/http/http3.py

@@ -188,9 +188,10 @@ def get_config(app: Sanic, ssl: SSLContext):
         is_client=False,
         max_datagram_frame_size=65536,
     )
-    # TODO:
-    # - add password kwarg, read from config.TLS_CERT_PASSWORD
-    config.load_cert_chain(ssl.sanic["cert"], ssl.sanic["key"])
+    password = app.config.TLS_CERT_PASSWORD or None
+    config.load_cert_chain(
+        ssl.sanic["cert"], ssl.sanic["key"], password=password
+    )
 
     return config