Add fields for setting client cert and key for SASL EXTERNAL.

1 files changed, 13 insertions, 0 deletions

diff --git a/sleekxmpp/xmlstream/xmlstream.py b/sleekxmpp/xmlstream/xmlstream.py
index 4cc9e169..51dc25ed 100644
--- a/sleekxmpp/xmlstream/xmlstream.py
+++ b/sleekxmpp/xmlstream/xmlstream.py
@@ -138,6 +138,15 @@ class XMLStream(object):
         #:     be consulted, even if they are not in the provided file.
         self.ca_certs = None
 
+        #: Path to a file containing a client certificate to use for
+        #: authenticating via SASL EXTERNAL. If set, there must also
+        #: be a corresponding `:attr:keyfile` value.
+        self.certfile = None
+
+        #: Path to a file containing the private key for the selected
+        #: client certificate to use for authenticating via SASL EXTERNAL.
+        self.keyfile = None
+
         #: The time in seconds to wait for events from the event queue,
         #: and also the time between checks for the process stop signal.
         self.wait_timeout = WAIT_TIMEOUT
@@ -499,6 +508,8 @@ class XMLStream(object):
                 cert_policy = ssl.CERT_REQUIRED
 
             ssl_socket = ssl.wrap_socket(self.socket,
+                                         certfile=self.certfile,
+                                         keyfile=self.keyfile,
                                          ca_certs=self.ca_certs,
                                          cert_reqs=cert_policy,
                                          do_handshake_on_connect=False)
@@ -799,6 +810,8 @@ class XMLStream(object):
                 cert_policy = ssl.CERT_REQUIRED
 
             ssl_socket = ssl.wrap_socket(self.socket,
+                                         certfile=self.certfile,
+                                         keyfile=self.keyfile,
                                          ssl_version=self.ssl_version,
                                          do_handshake_on_connect=False,
                                          ca_certs=self.ca_certs,