From 4164fc3d020d7ef94de3ddc938225bf3397ab9ff Mon Sep 17 00:00:00 2001
From: peerster <paer.berge@gmail.com>
Date: Sat, 12 Sep 2015 16:53:00 +0200
Subject: [PATCH] Permission check for ssl cert and key

---
 libs/tornado/tcpserver.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/libs/tornado/tcpserver.py b/libs/tornado/tcpserver.py
index a02b36f..aaadf6a 100755
--- a/libs/tornado/tcpserver.py
+++ b/libs/tornado/tcpserver.py
@@ -106,6 +106,18 @@ class TCPServer(object):
             if 'certfile' not in self.ssl_options:
                 raise KeyError('missing key "certfile" in ssl_options')
 
+            # Run os.stat against cert and keyfile to test permissions,
+            # if not, just raise the exception
+            try:
+                os.stat(self.ssl_options['certfile'])
+            except:
+                raise
+
+            try:
+                os.stat(self.ssl_options['keyfile'])
+            except:
+                raise
+
             if not os.path.exists(self.ssl_options['certfile']):
                 raise ValueError('certfile "%s" does not exist' %
                                  self.ssl_options['certfile'])