* Initial support for using multiple SSL certificates.
* Also list IP address subjectAltNames on log.
* Use Python 3.7+ way of specifying TLSv1.2 as the minimum version. Linter fixes.
* isort
* Cleanup, store server name for later use. Add RSA ciphers. Log rejected SNIs.
* Cleanup, linter.
* Alter the order of initial log messages and handling. In particular, enable debug mode early so that debug messages during init can be shown.
* Store server name (SNI) to conn_info.
* Update test with new error message.
* Refactor for readability.
* Cleanup
* Replace old expired test cert with new ones and a script for regenerating them as needed.
* Refactor TLS tests to a separate file.
* Add cryptography to dev deps for rebuilding TLS certs.
* Minor adjustment to messages.
* Tests added for new TLS code.
* Find the correct log row before testing for message. The order was different on CI.
* More log message order fixup. The tests do not account for the logo being printed first.
* Another attempt at log message indexing fixup.
* Major TLS refactoring.
CertSelector now allows dicts and SSLContext within its list.
Server names are stored even when no list is used.
SSLContext.sanic now contains a dict with any setting passed and information extracted from cert.
That information is available on request.conn_info.cert.
Type annotations added.
More tests incl. a handler for faking hostname in tests.
* Remove a problematic logger test that apparently was not adding any coverage or value to anything.
* Revert accidental commit of uvloop disable.
* Typing fixes / refactoring.
* Additional test for cert selection. Certs recreated without DNS:localhost on sanic.example cert.
* Add tests for single certificate path shorthand and SNI information.
* Move TLS dict processing to CertSimple, make the names field optional and use names from the cert if absent.
* Sanic CLI options --tls and --tls-strict-host to use the new features.
* SSL argument typing updated
* Use ValueError for internal message passing to avoid CertificateError's odd message formatting.
* Linter
* Test CLI TLS options.
* Maybe the right codeclimate option now...
* Improved TLS argument help, removed support for combining --cert/--key with --tls.
* Removed support for strict checking without any certs, black forced fscked up formatting.
* Update CLI tests for stricter TLS options.
Co-authored-by: L. Karkkainen <tronic@users.noreply.github.com>
Co-authored-by: Adam Hopkins <admhpkns@gmail.com>
6c7df68c7c