client must validate the server's SSL certificate against the CA list if it is provided.

author: Thom Nichols <tmnichols@gmail.com> 2010-07-06 17:37:57 -0400
committer: Thom Nichols <tmnichols@gmail.com> 2010-07-06 17:37:57 -0400
commit: 85d8b9270f176e5c0a43b5219e84f75690a016e6 (patch)
tree: 53f7cb346b3cbe9901648376dd930ce9841f97b8
parent: 0a30e6c0175b13cef400d4cba27eaf145b07d365 (diff)
download: slixmpp-85d8b9270f176e5c0a43b5219e84f75690a016e6.tar.gz
slixmpp-85d8b9270f176e5c0a43b5219e84f75690a016e6.tar.bz2
slixmpp-85d8b9270f176e5c0a43b5219e84f75690a016e6.tar.xz
slixmpp-85d8b9270f176e5c0a43b5219e84f75690a016e6.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/sleekxmpp/xmlstream/xmlstream.py b/sleekxmpp/xmlstream/xmlstream.py
index fd0b0fa0..f968fdb6 100644
--- a/sleekxmpp/xmlstream/xmlstream.py
+++ b/sleekxmpp/xmlstream/xmlstream.py
@@ -140,7 +140,9 @@ class XMLStream(object):
 
 				if self.use_ssl and self.ssl_support:
 					logging.debug("Socket Wrapped for SSL")
-					self.socket = ssl.wrap_socket(self.socket,ca_certs=self.ca_certs)
+					cert_policy = ssl.CERT_NONE if self.ca_certs is None else ssl.CERT_REQUIRED
+					self.socket = ssl.wrap_socket(self.socket,
+					        ca_certs=self.ca_certs, cert_reqs=cert_policy)
 				
 				self.socket.connect(self.address)
 				self.filesocket = self.socket.makefile('rb', 0)
author	Thom Nichols <tmnichols@gmail.com>	2010-07-06 17:37:57 -0400
committer	Thom Nichols <tmnichols@gmail.com>	2010-07-06 17:37:57 -0400
commit	85d8b9270f176e5c0a43b5219e84f75690a016e6 (patch)
tree	53f7cb346b3cbe9901648376dd930ce9841f97b8
parent	0a30e6c0175b13cef400d4cba27eaf145b07d365 (diff)
download	slixmpp-85d8b9270f176e5c0a43b5219e84f75690a016e6.tar.gz slixmpp-85d8b9270f176e5c0a43b5219e84f75690a016e6.tar.bz2 slixmpp-85d8b9270f176e5c0a43b5219e84f75690a016e6.tar.xz slixmpp-85d8b9270f176e5c0a43b5219e84f75690a016e6.zip