Revision 2d93a6a7
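--- a/lib/http/__init__.py
+++ b/lib/http/__init__.py
@@ -550,6 +550,7 @@
 """
 self.ssl_key_pem = utils.ReadFile(ssl_key_path)
 self.ssl_cert_pem = utils.ReadFile(ssl_cert_path)
+self.ssl_cert_path = ssl_cert_path
 
 def GetKey(self):
 return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
@@ -609,6 +610,15 @@
 OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
 self._SSLVerifyCallback)
 
+# Also add our certificate as a trusted CA to be sent to the client.
+# This is required at least for GnuTLS clients to work.
+try:
+# This will fail for PyOpenssl versions before 0.10
+ctx.add_client_ca(self._ssl_cert)
+except AttributeError:
+# Fall back to letting OpenSSL read the certificate file directly.
+ctx.load_client_ca(ssl_params.ssl_cert_path)
+
 return OpenSSL.SSL.Connection(ctx, sock)
 
 def GetSslCiphers(self): # pylint: disable-msg=R0201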
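Review bot: The `except AttributeError` around `ctx.add_client_ca(self._ssl_cert)` in the second hunk catches more than the missing-method case on pyOpenSSL before 0.10: an AttributeError raised while evaluating `self._ssl_cert` (defined outside this hunk) would silently take the file-based fallback too. Testing the capability directly, `if hasattr(ctx, "add_client_ca"):` with the `load_client_ca` call under `else:`, keeps the two cases apart. The fallback also reads `ssl_params.ssl_cert_path` from disk when the connection is created, so the CA name advertised to the client can differ from the `ssl_cert_pem` loaded at construction if the file was replaced in between; a comment stating that assumption would help. The new comment's "trusted CA" wording could also say that this list is only a hint sent to the client and that peer acceptance still rests on `self._SSLVerifyCallback`. The enclosing method starts above the hunk.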