Add support for HTTPS chain certificate file.

Just enabling the user to specify the file and then passing it on to CherryPy.

SABnzbd.py

@@ -671,7 +671,7 @@ def get_webhost(cherryhost, cherryport, https_port):
     return cherryhost, cherryport, browserhost, https_port
 
 
-def attach_server(host, port, cert=None, key=None):
+def attach_server(host, port, cert=None, key=None, chain=None):
     """ Define and attach server, optionally HTTPS
     """
     if not (sabnzbd.cfg.no_ipv6() and '::1' in host):
@@ -680,6 +680,7 @@ def attach_server(host, port, cert=None, key=None):
         if cert and key:
             http_server.ssl_certificate = cert
             http_server.ssl_private_key = key
+            http_server.ssl_certificate_chain = chain
         adapter = _cpserver.ServerAdapter(cherrypy.engine, http_server, http_server.bind_addr)
         adapter.subscribe()
 
@@ -1350,6 +1351,10 @@ def main():
 
     https_cert = sabnzbd.cfg.https_cert.get_path()
     https_key = sabnzbd.cfg.https_key.get_path()
+    https_chain = sabnzbd.cfg.https_chain.get_path()
+    if not (sabnzbd.cfg.https_chain() and os.path.exists(https_chain)):
+        https_chain = None
+
     if enable_https:
         # If either the HTTPS certificate or key do not exist, make some self-signed ones.
         if not (https_cert and os.path.exists(https_cert)) or not (https_key and os.path.exists(https_key)):
@@ -1379,14 +1384,15 @@ def main():
                 # Extra HTTP port for secondary localhost
                 attach_server(hosts[1], cherryport)
                 # Extra HTTPS port for secondary localhost
-                attach_server(hosts[1], https_port, https_cert, https_key)
+                attach_server(hosts[1], https_port, https_cert, https_key, https_chain)
             cherryport = https_port
         elif multilocal:
             # Extra HTTPS port for secondary localhost
             attach_server(hosts[1], cherryport, https_cert, https_key)
 
         cherrypy.config.update({'server.ssl_certificate' : https_cert,
-                                'server.ssl_private_key' : https_key })
+                                'server.ssl_private_key' : https_key,
+                                'server.ssl_certificate_chain' : https_chain})
     elif multilocal:
         # Extra HTTP port for secondary localhost
         attach_server(hosts[1], cherryport)
@@ -1813,4 +1819,4 @@ if __name__ == '__main__':
             main()
 
     else:
-        main()
+        main()

interfaces/Config/templates/config_general.tmpl

@@ -127,6 +127,11 @@
                     <input type="text" name="https_key" id="https_key" value="$https_key" size="50" />
                     <span class="desc">$T('explain-https_key')</span>
                 </div>
+                <div class="field-pair alt">
+                    <label class="config" for="https_chain">$T('opt-https_chain')</label>
+                    <input type="text" name="https_chain" id="https_chain" value="$https_chain" size="50" />
+                    <span class="desc">$T('explain-https_chain')</span>
+                </div>
                 <div class="field-pair">
                     <input type="submit" value="$T('button-saveChanges')" class="saveButton" />
                     <input type="button" value="$T('button-restart') SABnzbd" class="sabnzbd_restart" />

sabnzbd/cfg.py

@@ -206,6 +206,7 @@ log_new = OptionBool('logging', 'log_new', False)
 
 https_cert = OptionDir('misc', 'https_cert', 'server.cert', create=False)
 https_key = OptionDir('misc', 'https_key', 'server.key', create=False)
+https_chain = OptionDir('misc','https_chain', create=False)
 enable_https = OptionBool('misc', 'enable_https', False)
 
 language = OptionStr('misc', 'language', 'en')
@@ -265,3 +266,4 @@ def set_root_folders(home, lcldata):
 def set_root_folders2():
     https_cert.set_root(admin_dir.get_path())
     https_key.set_root(admin_dir.get_path())
+    https_chain.set_root(admin_dir.get_path())

sabnzbd/interface.py

@@ -1241,7 +1241,7 @@ class ConfigSpecial(object):
 GENERAL_LIST = (
     'host', 'port', 'username', 'password', 'disable_api_key',
     'refresh_rate', 'cache_limit',
-    'enable_https', 'https_port', 'https_cert', 'https_key'
+    'enable_https', 'https_port', 'https_cert', 'https_key', 'https_chain'
 )
 
 class ConfigGeneral(object):
@@ -1339,6 +1339,7 @@ class ConfigGeneral(object):
         conf['https_port'] = cfg.https_port()
         conf['https_cert'] = cfg.https_cert()
         conf['https_key'] = cfg.https_key()
+        conf['https_chain'] = cfg.https_chain()
         conf['enable_https'] = cfg.enable_https()
         conf['username'] = cfg.username()
         conf['password'] = cfg.password.get_stars()

sabnzbd/skintext.py

@@ -298,6 +298,8 @@ SKIN_TEXT = {
     'explain-https_cert' : TT('File name or path to HTTPS Certificate.'),
     'opt-https_key' : TT('HTTPS Key'),
     'explain-https_key' : TT('File name or path to HTTPS Key.'),
+    'opt-https_chain' : TT('HTTPS Chain Certifcates'),
+    'explain-https_chain' : TT('File name or path to HTTPS Chain.'),
     'tuning' : TT('Tuning'),
     'opt-refresh_rate' : TT('Queue auto refresh interval:'),
     'explain-refresh_rate' : TT('Refresh interval of the queue web-interface page(sec, 0= none).'),