summaryrefslogtreecommitdiff
path: root/sleekxmpp
diff options
context:
space:
mode:
authorLance Stout <lancestout@gmail.com>2012-07-29 21:28:31 -0700
committerLance Stout <lancestout@gmail.com>2012-07-30 19:15:10 -0700
commit167d1ce97b35e5b0e9a4aed613617cbfa29298dd (patch)
tree2919a089d1f62e7b92feca39b128f151239ac29a /sleekxmpp
parent695cd95657585006a696243a1c8249f9d90b506e (diff)
downloadslixmpp-167d1ce97b35e5b0e9a4aed613617cbfa29298dd.tar.gz
slixmpp-167d1ce97b35e5b0e9a4aed613617cbfa29298dd.tar.bz2
slixmpp-167d1ce97b35e5b0e9a4aed613617cbfa29298dd.tar.xz
slixmpp-167d1ce97b35e5b0e9a4aed613617cbfa29298dd.zip
Add fields for setting client cert and key for SASL EXTERNAL.
Diffstat (limited to 'sleekxmpp')
-rw-r--r--sleekxmpp/xmlstream/xmlstream.py13
1 files changed, 13 insertions, 0 deletions
diff --git a/sleekxmpp/xmlstream/xmlstream.py b/sleekxmpp/xmlstream/xmlstream.py
index 4cc9e169..51dc25ed 100644
--- a/sleekxmpp/xmlstream/xmlstream.py
+++ b/sleekxmpp/xmlstream/xmlstream.py
@@ -138,6 +138,15 @@ class XMLStream(object):
#: be consulted, even if they are not in the provided file.
self.ca_certs = None
+ #: Path to a file containing a client certificate to use for
+ #: authenticating via SASL EXTERNAL. If set, there must also
+ #: be a corresponding `:attr:keyfile` value.
+ self.certfile = None
+
+ #: Path to a file containing the private key for the selected
+ #: client certificate to use for authenticating via SASL EXTERNAL.
+ self.keyfile = None
+
#: The time in seconds to wait for events from the event queue,
#: and also the time between checks for the process stop signal.
self.wait_timeout = WAIT_TIMEOUT
@@ -499,6 +508,8 @@ class XMLStream(object):
cert_policy = ssl.CERT_REQUIRED
ssl_socket = ssl.wrap_socket(self.socket,
+ certfile=self.certfile,
+ keyfile=self.keyfile,
ca_certs=self.ca_certs,
cert_reqs=cert_policy,
do_handshake_on_connect=False)
@@ -799,6 +810,8 @@ class XMLStream(object):
cert_policy = ssl.CERT_REQUIRED
ssl_socket = ssl.wrap_socket(self.socket,
+ certfile=self.certfile,
+ keyfile=self.keyfile,
ssl_version=self.ssl_version,
do_handshake_on_connect=False,
ca_certs=self.ca_certs,