authorLink Mauve <linkmauve@linkmauve.fr>2022-01-03 11:04:36 +0100
committerLink Mauve <linkmauve@linkmauve.fr>2022-01-03 11:04:36 +0100
commite56930e0a12b8b5e5117474bd919550e5c6aa930 (patch)
tree1811c23f2f1b13ab0a42324e48f4bd40005713cb
parent834ea8ed74865f323bd4ed79b1b698c348d9fd6f (diff)
parentd733c54518cda652ec3c753c2483d925b20eae57 (diff)
Merge branch 'ca-cert-list' into 'master'
Allow Xmlstream.ca_certs to be an iterable See merge request poezio/slixmpp!177
-rw-r--r--slixmpp/xmlstream/xmlstream.py28
1 files changed, 25 insertions, 3 deletions
diff --git a/slixmpp/xmlstream/xmlstream.py b/slixmpp/xmlstream/xmlstream.py
index 7c4283f2..fd0269da 100644
--- a/slixmpp/xmlstream/xmlstream.py
+++ b/slixmpp/xmlstream/xmlstream.py
@@ -15,6 +15,7 @@ from typing import (
Coroutine,
Callable,
Iterator,
+ Iterable,
List,
Optional,
Set,
@@ -33,7 +34,6 @@ import socket as Socket
import ssl
import weakref
import uuid
-from pathlib import Path
from contextlib import contextmanager
import xml.etree.ElementTree as ET
@@ -47,6 +47,7 @@ from asyncio import (
iscoroutinefunction,
wait,
)
+from pathlib import Path
from slixmpp.types import FilterString
from slixmpp.xmlstream.tostring import tostring
@@ -75,6 +76,15 @@ class NotConnectedError(Exception):
"""
+class InvalidCABundle(Exception):
+ """
+ Exception raised when the CA Bundle file hasn't been found.
+ """
+
+ def __init__(self, path: Optional[Path]):
+ self.path = path
+
+
_T = TypeVar('_T', str, ElementBase, StanzaBase)
@@ -162,7 +172,7 @@ class XMLStream(asyncio.BaseProtocol):
#:
#: On Mac OS X, certificates in the system keyring will
#: be consulted, even if they are not in the provided file.
- ca_certs: Optional[Path]
+ ca_certs: Optional[Union[Path, Iterable[Path]]]
#: Path to a file containing a client certificate to use for
#: authenticating via SASL EXTERNAL. If set, there must also
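Review bot: The `#:` comment above `ca_certs` is not updated for the new type, at least in the lines visible here (the comment starts outside the hunk), so a reader does not learn what passing an iterable means. I would add `#: May also be an iterable of paths; the first one that is an existing file is used and the rest are ignored.` It is also worth stating that a plain `str` is not accepted: the old code forwarded the value to `load_verify_locations` unchanged, whereas the new branch in the last hunk would iterate a string character by character and fail on `.is_file()`.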
@@ -760,8 +770,20 @@ class XMLStream(asyncio.BaseProtocol):
log.debug('Loaded cert file %s and key file %s',
self.certfile, self.keyfile)
if self.ca_certs is not None:
+ ca_cert: Optional[Path] = None
+ if isinstance(self.ca_certs, Path):
+ if self.ca_certs.is_file():
+ ca_cert = self.ca_certs
+ else:
+ for bundle in self.ca_certs:
+ if bundle.is_file():
+ ca_cert = bundle
+ break
+ if ca_cert is None:
+ raise InvalidCABundle(ca_cert)
+
self.ssl_context.verify_mode = ssl.CERT_REQUIRED
- self.ssl_context.load_verify_locations(cafile=self.ca_certs)
+ self.ssl_context.load_verify_locations(cafile=ca_cert)
return self.ssl_context
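Review bot: `raise InvalidCABundle(ca_cert)` always passes `None`, because that line is only reached while `ca_cert` is still unset, so the exception never tells the caller which path or candidate list was rejected. Passing the configured value instead, `raise InvalidCABundle(self.ca_certs)`, keeps the failure diagnosable; the `path: Optional[Path]` annotation on the constructor in the InvalidCABundle hunk would need widening to match. Because the iterable form silently picks the first existing file, a `log.debug('Using CA bundle %s', ca_cert)` before `load_verify_locations` would record which trust store is actually in effect. The enclosing method starts outside the hunk.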