summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormathieui <mathieui@mathieui.net>2014-12-11 19:27:13 +0100
committermathieui <mathieui@mathieui.net>2014-12-11 19:27:13 +0100
commitb5930ca958eefd45135840a789da08326e74ea87 (patch)
treeae77a11a172da7c2d75b18489b300e883825df4d
parent423974f90d4e9e7e25b99a690799419d48c4e644 (diff)
downloadslixmpp-b5930ca958eefd45135840a789da08326e74ea87.tar.gz
slixmpp-b5930ca958eefd45135840a789da08326e74ea87.tar.bz2
slixmpp-b5930ca958eefd45135840a789da08326e74ea87.tar.xz
slixmpp-b5930ca958eefd45135840a789da08326e74ea87.zip
Bring back authentication through SASL EXTERNAL
(and only update the ssl context before it gets used)
-rw-r--r--slixmpp/plugins/xep_0257/client_cert_management.py2
-rw-r--r--slixmpp/xmlstream/xmlstream.py21
2 files changed, 12 insertions, 11 deletions
diff --git a/slixmpp/plugins/xep_0257/client_cert_management.py b/slixmpp/plugins/xep_0257/client_cert_management.py
index d7ca50c9..729197e0 100644
--- a/slixmpp/plugins/xep_0257/client_cert_management.py
+++ b/slixmpp/plugins/xep_0257/client_cert_management.py
@@ -21,7 +21,7 @@ log = logging.getLogger(__name__)
class XEP_0257(BasePlugin):
name = 'xep_0257'
- description = 'XEP-0258: Client Certificate Management for SASL EXTERNAL'
+ description = 'XEP-0257: Client Certificate Management for SASL EXTERNAL'
dependencies = set(['xep_0030'])
stanza = stanza
diff --git a/slixmpp/xmlstream/xmlstream.py b/slixmpp/xmlstream/xmlstream.py
index 1b69967c..c9261224 100644
--- a/slixmpp/xmlstream/xmlstream.py
+++ b/slixmpp/xmlstream/xmlstream.py
@@ -111,7 +111,7 @@ class XMLStream(object):
#: The list of accepted ciphers, in OpenSSL Format.
#: It might be useful to override it for improved security
#: over the python defaults.
- self._ciphers = None
+ self.ciphers = None
#: Path to a file containing certificates for verifying the
#: server SSL certificate. A non-``None`` value will trigger
@@ -472,6 +472,16 @@ class XMLStream(object):
loop = asyncio.get_event_loop()
self.event_when_connected = "tls_success"
+ self.ssl_context.set_ciphers(self.ciphers)
+ if self.keyfile and self.certfile:
+ try:
+ self.ssl_context.load_cert_chain(self.certfile, self.keyfile)
+ except (ssl.SSLError, OSError):
+ log.debug('Error loading the cert chain:', exc_info=True)
+ else:
+ log.debug('Loaded cert file %s and key file %s',
+ self.certfile, self.keyfile)
+
ssl_connect_routine = loop.create_connection(lambda: self, ssl=self.ssl_context,
sock=self.socket,
server_hostname=self.address[0])
@@ -911,12 +921,3 @@ class XMLStream(object):
"""
pass
- @property
- def ciphers(self):
- return self._ciphers
-
- @ciphers.setter
- def ciphers(self, value):
- self.ssl_context.set_ciphers(value)
- self._ciphers = value
-