CherryPy missing documentation: Enabling client certificate verification

CherryPy is a convenient pure-Python web server that provides a good host for WSGI applications. It’s seemingly one of the few Python WSGI web servers which allows for SSL without depending on a separate web server, which is quite attractive for cross-platform apps. (I think Tornado is another notable example which does this, but Tornado is not the best platform for WSGI, despite technically supporting it.)

Getting basic SSL up and running is not particularly hard; it is easy enough to google the CherryPy docs and find this. However, deeper configuration is not exactly clear. One such option is client certificate verification. Indeed, I thought that due to the presence of this bug that it was not presently possible to enable this out of the box in CherryPy.

Thankfully I was wrong; indeed it is possible, it just does not appear to be documented. So, here’s the missing documentation.

This post assumes CherryPy 12.0.0 and cheroot 5.9.1.


Embeddable Python distribution hack: include code outside the embedded distro path

Here’s a method for tweaking the “embeddable zip file” distributions of Python to allow you to import code outside of the extracted Python environment. This may be useful for a number of reasons, such as wanting to keep your code separate from the Python “core” code. In my particular case, I have a project I’m Read more about Embeddable Python distribution hack: include code outside the embedded distro path[…]

“Line-oriented JSON”: Using JSON for quick-and-dirty protocols and REPLs

As a Python and JavaScript programmer, I love JSON. Both languages support JSON really well, and it generally is more terse than XML while also providing basic built-in types. It’s very easy to rely on JSON as a general-purpose serialization format which can cross between both languages with a minimum of effort.

As such, one time I decided to use JSON for controlling a program via a read-eval-print loop (REPL). Rather than creating my own parsing scheme, it made sense to try to do things using JSON. Indeed, it is relatively easy to use JSON to do remote procedure calls, as is proven by existance of the JSON-RPC specification. (However, this post is not about JSON-RPC, nor do I use that particular protocol in this post, although similarities undoubtedly exist.)

As an example, here’s what a JSON-encoded remote function call might look like:

    "fn": "hello_person",
    "args": ["Steve"]

This can trivially be converted to JS or Python on the receiving side:


Now, the one key weakness I see with protocols based upon JSON is: what happens when an invalid JSON object is sent?


Re-evaluating my editor of choice: The first batch of editors

In my previous post, I made this list of programming-oriented text editors I wanted to take a good look at:

  • Emacs
  • vim/gvim
  • PyCharm (Community Edition)
  • Eclipse
  • NetBeans
  • Visual Studio Code

Since then, I’ve made a few minor additions:

  • IntelliJ IDEA (Community Edition)
  • Atom
  • Leo (maybe)

I’ve had a chance to take a look at a few of these. And while personal time constraints have reduced my ability to rate editors in the way I originally planned, I’ll at least provide what details and opinions I can.

So, without further ado…