summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--slixmpp/xmlstream/xmlstream.py28
1 files changed, 25 insertions, 3 deletions
diff --git a/slixmpp/xmlstream/xmlstream.py b/slixmpp/xmlstream/xmlstream.py
index 7c4283f2..fd0269da 100644
--- a/slixmpp/xmlstream/xmlstream.py
+++ b/slixmpp/xmlstream/xmlstream.py
@@ -15,6 +15,7 @@ from typing import (
Coroutine,
Callable,
Iterator,
+ Iterable,
List,
Optional,
Set,
@@ -33,7 +34,6 @@ import socket as Socket
import ssl
import weakref
import uuid
-from pathlib import Path
from contextlib import contextmanager
import xml.etree.ElementTree as ET
@@ -47,6 +47,7 @@ from asyncio import (
iscoroutinefunction,
wait,
)
+from pathlib import Path
from slixmpp.types import FilterString
from slixmpp.xmlstream.tostring import tostring
@@ -75,6 +76,15 @@ class NotConnectedError(Exception):
"""
+class InvalidCABundle(Exception):
+ """
+ Exception raised when the CA Bundle file hasn't been found.
+ """
+
+ def __init__(self, path: Optional[Path]):
+ self.path = path
+
+
_T = TypeVar('_T', str, ElementBase, StanzaBase)
@@ -162,7 +172,7 @@ class XMLStream(asyncio.BaseProtocol):
#:
#: On Mac OS X, certificates in the system keyring will
#: be consulted, even if they are not in the provided file.
- ca_certs: Optional[Path]
+ ca_certs: Optional[Union[Path, Iterable[Path]]]
#: Path to a file containing a client certificate to use for
#: authenticating via SASL EXTERNAL. If set, there must also
@@ -760,8 +770,20 @@ class XMLStream(asyncio.BaseProtocol):
log.debug('Loaded cert file %s and key file %s',
self.certfile, self.keyfile)
if self.ca_certs is not None:
+ ca_cert: Optional[Path] = None
+ if isinstance(self.ca_certs, Path):
+ if self.ca_certs.is_file():
+ ca_cert = self.ca_certs
+ else:
+ for bundle in self.ca_certs:
+ if bundle.is_file():
+ ca_cert = bundle
+ break
+ if ca_cert is None:
+ raise InvalidCABundle(ca_cert)
+
self.ssl_context.verify_mode = ssl.CERT_REQUIRED
- self.ssl_context.load_verify_locations(cafile=self.ca_certs)
+ self.ssl_context.load_verify_locations(cafile=ca_cert)
return self.ssl_context