Revision 2d93a6a7 lib/http/__init__.py
| b/lib/http/__init__.py | ||
|---|---|---|
| 550 | 550 |
""" |
| 551 | 551 |
self.ssl_key_pem = utils.ReadFile(ssl_key_path) |
| 552 | 552 |
self.ssl_cert_pem = utils.ReadFile(ssl_cert_path) |
| 553 |
self.ssl_cert_path = ssl_cert_path |
|
| 553 | 554 |
|
| 554 | 555 |
def GetKey(self): |
| 555 | 556 |
return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, |
| ... | ... | |
| 609 | 610 |
OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT, |
| 610 | 611 |
self._SSLVerifyCallback) |
| 611 | 612 |
|
| 613 |
# Also add our certificate as a trusted CA to be sent to the client. |
|
| 614 |
# This is required at least for GnuTLS clients to work. |
|
| 615 |
try: |
|
| 616 |
# This will fail for PyOpenssl versions before 0.10 |
|
| 617 |
ctx.add_client_ca(self._ssl_cert) |
|
| 618 |
except AttributeError: |
|
| 619 |
# Fall back to letting OpenSSL read the certificate file directly. |
|
| 620 |
ctx.load_client_ca(ssl_params.ssl_cert_path) |
|
| 621 |
|
|
| 612 | 622 |
return OpenSSL.SSL.Connection(ctx, sock) |
| 613 | 623 |
|
| 614 | 624 |
def GetSslCiphers(self): # pylint: disable-msg=R0201 |
Also available in: Unified diff