Allow setting custom cipher suites in Py2.7+
parent
df9ad82336
commit
4ae6d44efc
@ -123,6 +123,11 @@ class XMLStream(object):
|
|||||||
#: xmpp.ssl_version = ssl.PROTOCOL_SSLv23
|
#: xmpp.ssl_version = ssl.PROTOCOL_SSLv23
|
||||||
self.ssl_version = ssl.PROTOCOL_TLSv1
|
self.ssl_version = ssl.PROTOCOL_TLSv1
|
||||||
|
|
||||||
|
#: The list of accepted ciphers, in OpenSSL Format.
|
||||||
|
#: It might be useful to override it for improved security
|
||||||
|
#: over the python defaults.
|
||||||
|
self.ciphers = None
|
||||||
|
|
||||||
#: Path to a file containing certificates for verifying the
|
#: Path to a file containing certificates for verifying the
|
||||||
#: server SSL certificate. A non-``None`` value will trigger
|
#: server SSL certificate. A non-``None`` value will trigger
|
||||||
#: certificate checking.
|
#: certificate checking.
|
||||||
@ -508,12 +513,18 @@ class XMLStream(object):
|
|||||||
else:
|
else:
|
||||||
cert_policy = ssl.CERT_REQUIRED
|
cert_policy = ssl.CERT_REQUIRED
|
||||||
|
|
||||||
ssl_socket = ssl.wrap_socket(self.socket,
|
ssl_args = {
|
||||||
certfile=self.certfile,
|
'certfile': self.certfile,
|
||||||
keyfile=self.keyfile,
|
'keyfile': self.keyfile,
|
||||||
ca_certs=self.ca_certs,
|
'ca_certs': self.ca_certs,
|
||||||
cert_reqs=cert_policy,
|
'cert_reqs': cert_policy,
|
||||||
do_handshake_on_connect=False)
|
'do_handshake_on_connect': False,
|
||||||
|
}
|
||||||
|
|
||||||
|
if sys.version_info >= (2, 7):
|
||||||
|
ssl_args['ciphers'] = self.ciphers
|
||||||
|
|
||||||
|
ssl_socket = ssl.wrap_socket(self.socket, **ssl_args)
|
||||||
|
|
||||||
if hasattr(self.socket, 'socket'):
|
if hasattr(self.socket, 'socket'):
|
||||||
# We are using a testing socket, so preserve the top
|
# We are using a testing socket, so preserve the top
|
||||||
@ -826,13 +837,18 @@ class XMLStream(object):
|
|||||||
else:
|
else:
|
||||||
cert_policy = ssl.CERT_REQUIRED
|
cert_policy = ssl.CERT_REQUIRED
|
||||||
|
|
||||||
ssl_socket = ssl.wrap_socket(self.socket,
|
ssl_args = {
|
||||||
certfile=self.certfile,
|
'certfile': self.certfile,
|
||||||
keyfile=self.keyfile,
|
'keyfile': self.keyfile,
|
||||||
ssl_version=self.ssl_version,
|
'ca_certs': self.ca_certs,
|
||||||
do_handshake_on_connect=False,
|
'cert_reqs': cert_policy,
|
||||||
ca_certs=self.ca_certs,
|
'do_handshake_on_connect': False,
|
||||||
cert_reqs=cert_policy)
|
}
|
||||||
|
|
||||||
|
if sys.version_info >= (2, 7):
|
||||||
|
ssl_args['ciphers'] = self.ciphers
|
||||||
|
|
||||||
|
ssl_socket = ssl.wrap_socket(self.socket, **ssl_args);
|
||||||
|
|
||||||
if hasattr(self.socket, 'socket'):
|
if hasattr(self.socket, 'socket'):
|
||||||
# We are using a testing socket, so preserve the top
|
# We are using a testing socket, so preserve the top
|
||||||
|
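Review bot: The `ssl_args` dict built in the third hunk (`@ -826,13 +837,18`) appears to drop the `ssl_version=self.ssl_version` argument that the old `ssl.wrap_socket` call there passed, so the configured protocol version is no longer applied on this path and the handshake falls back to the `ssl` module's default. Add `'ssl_version': self.ssl_version,` to that dict so the new cipher setting does not come at the cost of the protocol setting. The dict in the second hunk (`@ -508,12 +513,18`) has no `ssl_version` key either; the old call there lacked it as well, so it is worth deciding whether that path should honour `self.ssl_version` too. The stray `;` after `ssl.wrap_socket(self.socket, **ssl_args)` in the third hunk can be removed. Both enclosing methods begin and end outside the visible hunks.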