http.server with HTTPS fails to bind IPv6 addresses

[ggqlq]

Bug report

Bug description:

When HTTPS is enabled, the command-line interface of http.server can't bind IPv6 addresses correctly and the --directory flag doesn't work.

bind IPv6

HTTPS server throw an exception when I was trying to bind a IPv6 address, but HTTP server can bind IPv6 address.

# HTTPS
$ ./python -m http.server --tls-cert ~/Projects/ssl/localhost.crt --tls-key ~/Projects/ssl/localhost.key -b ::1
# ...
TypeError: AF_INET address must be a pair (host, port)

# HTTP
$ ./python -m http.server -b ::1
Serving HTTP on ::1 port 8000 (http://[::1]:8000/) ...

--directory issue

The HTTPS server always uses the work path of current terminal as its root directory and ignores the --directory flag:

# HTTPS
$ ./python -m http.server --tls-cert ~/Projects/ssl/localhost.crt --tls-key ~/Projects/ssl/localhost.key -d ~/test
Serving HTTPS on 0.0.0.0 port 8000 (https://0.0.0.0:8000/) ...
127.0.0.1 - - [18/May/2025 13:28:16] "GET / HTTP/1.1" 200 -

$ curl -k https://0.0.0.0:8000/
<!DOCTYPE HTML>
<html lang="en">
<head>
# ...
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href=".azure-pipelines/">.azure-pipelines/</a></li>
<li><a href=".coveragerc">.coveragerc</a></li>
<li><a href=".devcontainer/">.devcontainer/</a></li>
<li><a href=".editorconfig">.editorconfig</a></li>
<li><a href=".git/">.git/</a></li>
<li><a href=".gitattributes">.gitattributes</a></li>
<li><a href=".github/">.github/</a></li>
# ...
# Files in my cpython repo's root path
</ul>
<hr>
</body>
</html>

# HTTP

$ ./python -m http.server -d ~/test
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
127.0.0.1 - - [18/May/2025 13:24:30] "GET / HTTP/1.1" 200 -

$ curl http://0.0.0.0:8000/
<!DOCTYPE HTML>
<html lang="en">
<head>
# ...
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href="1">1</a></li>
<li><a href="2">2</a></li>
<li><a href="3">3</a></li>
</ul>
<hr>
</body>
</html>

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

Linked PRs

• gh-134168: http.server with HTTPS fails to bind IPv6 addresses and ignores --directory flag  #134169
• [3.14] gh-134168: fix http.server CLI support for IPv6 and --directory when serving over HTTPS (#134169) #134630

[picnixz]

cc @donBarbos

[donBarbos]

thank you very much, my bad. really one of the problems is that we use DualStackServer(ThreadingHTTPServer) with address_family field as ServerClass in the test function to run http.server cli but we don't have same patch for HTTPS server

[picnixz]

I've opened #134176 for the --directory issue.

[ggqlq]

I think both of these two bugs are related to the DualStackServer class, which override the finish_request function to pass the directory and the server_bind function to bind IPv6 addresses. The original HTTPS implementation directly uses ThreadingHTTPSServer, which lacks the dual-stack support and directory handling from DualStackServer. We can solve them all once by adding the HTTPSDualStackServer.

    class HTTPSDualStackServer(ThreadingHTTPSServer):
        def server_bind(self):
            with contextlib.suppress(Exception):
                self.socket.setsockopt(
                    socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0) # bind IPv6 addresses
            return super().server_bind()

        def finish_request(self, request, client_address):
            self.RequestHandlerClass(request, client_address, self,
                                     directory=args.directory) # handle --directory flag

Would it be acceptable to address both issues in a single PR? They share the same root cause, and separating the fixes would introduce unnecessary code duplication.

[picnixz]

Oh so if the root issue is the same, yes a single PR is better.

[picnixz]

Thank you for the report, the fix and your patience!