diff options
| author | Maxime “pep” Buquet <pep@bouah.net> | 2021-12-28 19:50:20 +0100 |
|---|---|---|
| committer | Maxime “pep” Buquet <pep@bouah.net> | 2022-01-03 10:30:09 +0100 |
| commit | d733c54518cda652ec3c753c2483d925b20eae57 (patch) | |
| tree | 1811c23f2f1b13ab0a42324e48f4bd40005713cb | |
| parent | 834ea8ed74865f323bd4ed79b1b698c348d9fd6f (diff) | |
| download | slixmpp-d733c54518cda652ec3c753c2483d925b20eae57.tar.gz slixmpp-d733c54518cda652ec3c753c2483d925b20eae57.tar.bz2 slixmpp-d733c54518cda652ec3c753c2483d925b20eae57.tar.xz slixmpp-d733c54518cda652ec3c753c2483d925b20eae57.zip | |
Allow Xmlstream.ca_certs to be an iterable
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
| -rw-r--r-- | slixmpp/xmlstream/xmlstream.py | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/slixmpp/xmlstream/xmlstream.py b/slixmpp/xmlstream/xmlstream.py index 7c4283f2..fd0269da 100644 --- a/slixmpp/xmlstream/xmlstream.py +++ b/slixmpp/xmlstream/xmlstream.py @@ -15,6 +15,7 @@ from typing import ( Coroutine, Callable, Iterator, + Iterable, List, Optional, Set, @@ -33,7 +34,6 @@ import socket as Socket import ssl import weakref import uuid -from pathlib import Path from contextlib import contextmanager import xml.etree.ElementTree as ET @@ -47,6 +47,7 @@ from asyncio import ( iscoroutinefunction, wait, ) +from pathlib import Path from slixmpp.types import FilterString from slixmpp.xmlstream.tostring import tostring @@ -75,6 +76,15 @@ class NotConnectedError(Exception): """ +class InvalidCABundle(Exception): + """ + Exception raised when the CA Bundle file hasn't been found. + """ + + def __init__(self, path: Optional[Path]): + self.path = path + + _T = TypeVar('_T', str, ElementBase, StanzaBase) @@ -162,7 +172,7 @@ class XMLStream(asyncio.BaseProtocol): #: #: On Mac OS X, certificates in the system keyring will #: be consulted, even if they are not in the provided file. - ca_certs: Optional[Path] + ca_certs: Optional[Union[Path, Iterable[Path]]] #: Path to a file containing a client certificate to use for #: authenticating via SASL EXTERNAL. If set, there must also @@ -760,8 +770,20 @@ class XMLStream(asyncio.BaseProtocol): log.debug('Loaded cert file %s and key file %s', self.certfile, self.keyfile) if self.ca_certs is not None: + ca_cert: Optional[Path] = None + if isinstance(self.ca_certs, Path): + if self.ca_certs.is_file(): + ca_cert = self.ca_certs + else: + for bundle in self.ca_certs: + if bundle.is_file(): + ca_cert = bundle + break + if ca_cert is None: + raise InvalidCABundle(ca_cert) + self.ssl_context.verify_mode = ssl.CERT_REQUIRED - self.ssl_context.load_verify_locations(cafile=self.ca_certs) + self.ssl_context.load_verify_locations(cafile=ca_cert) return self.ssl_context |