authorTom Nichols <tmnichols@gmail.com>2010-07-07 13:19:21 -0400
committerTom Nichols <tmnichols@gmail.com>2010-07-07 13:19:21 -0400
commit34eb88f19919ae3891a2b1581f6cb4eccb6d6b47 (patch)
tree5772cd6d3f6f7526bf64b5c0026c6661cf59b686 /sleekxmpp
parent259dffeb6e4da0b879784ae9642f43c01b95811b (diff)
parentf3cf5f6080b484634e31edaa129c7922ebb62fb6 (diff)
Merge branch 'hacks' of git@github.com:tomstrummer/SleekXMPP into hacks
Diffstat (limited to 'sleekxmpp')
-rw-r--r--sleekxmpp/xmlstream/xmlstream.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/sleekxmpp/xmlstream/xmlstream.py b/sleekxmpp/xmlstream/xmlstream.py
index 59b0cc62..7f2c8498 100644
--- a/sleekxmpp/xmlstream/xmlstream.py
+++ b/sleekxmpp/xmlstream/xmlstream.py
@@ -140,7 +140,9 @@ class XMLStream(object):
if self.use_ssl and self.ssl_support:
logging.debug("Socket Wrapped for SSL")
- self.socket = ssl.wrap_socket(self.socket,ca_certs=self.ca_certs)
+ cert_policy = ssl.CERT_NONE if self.ca_certs is None else ssl.CERT_REQUIRED
+ self.socket = ssl.wrap_socket(self.socket,
+ ca_certs=self.ca_certs, cert_reqs=cert_policy)
self.socket.connect(self.address)
self.filesocket = self.socket.makefile('rb', 0)
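Review bot: When `self.ca_certs` is None the new `cert_policy` line falls back to `ssl.CERT_NONE`, so the default configuration still accepts any server certificate and nothing tells the operator; the same line is repeated in `startTLS` in the second hunk. I would log it right after the assignment, e.g. `if cert_policy == ssl.CERT_NONE: logging.warning("ca_certs not set; server certificate will NOT be verified")`. Note also that `CERT_REQUIRED` with `ssl.wrap_socket` only validates the chain against `ca_certs`; it does not check that the certificate names the host we meant to reach, so the result of `self.socket.getpeercert()` still has to be compared with the expected server name after the handshake. The enclosing method starts and ends outside the hunk.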
@@ -169,12 +171,18 @@ class XMLStream(object):
def startTLS(self):
"Handshakes for TLS"
+ # TODO since this is not part of the 'connectTCP' method, it does not quiesce if
+ # The TLS negotiation throws an SSLError. It really should. Worse yet, some
+ # errors might be considered fatal (like certificate verification failure) in which
+ # case, should we even attempt to re-connect at all?
if self.ssl_support:
logging.info("Negotiating TLS")
# self.realsocket = self.socket # NOT USED
+ cert_policy = ssl.CERT_NONE if self.ca_certs is None else ssl.CERT_REQUIRED
self.socket = ssl.wrap_socket(self.socket,
ssl_version=ssl.PROTOCOL_TLSv1,
- do_handshake_on_connect=False,
+ do_handshake_on_connect=False,
+ cert_reqs=cert_policy,
ca_certs=self.ca_certs)
self.socket.do_handshake()
if sys.version_info < (3,0):
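Review bot: Now that `cert_reqs=cert_policy` can be `CERT_REQUIRED`, `self.socket.do_handshake()` can raise `ssl.SSLError` on a verification failure, and nothing in the visible lines catches it; the added TODO says as much but leaves it open. I would handle it here rather than defer it: catch the error around the handshake, log it, close the socket and re-raise, so that a failed certificate check is not treated as an ordinary disconnect that the caller may retry. startTLS continues past the end of the hunk, so how the caller reacts to the exception is not visible and should be confirmed.

```python
# … unchanged: cert_policy and the ssl.wrap_socket(...) call …
try:
    self.socket.do_handshake()
except ssl.SSLError as err:
    # Verification or protocol failure: do not keep using a half-negotiated socket.
    logging.error("TLS negotiation failed: %s", err)
    self.socket.close()
    raise
# … unchanged: filesocket setup for Python 2 / 3 …
```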