client must validate the server's SSL certificate against the CA list if it is provided.

2010-07-06 17:37:57 -04:00 · 2010-07-06 17:37:57 -04:00 · 85d8b9270f
commit 85d8b9270f
parent 0a30e6c017
1 changed files with 3 additions and 1 deletions
--- a/sleekxmpp/xmlstream/xmlstream.py
+++ b/sleekxmpp/xmlstream/xmlstream.py
@ -140,7 +140,9 @@ class XMLStream(object):

 				if self.use_ssl and self.ssl_support:
 					logging.debug("Socket Wrapped for SSL")
-					self.socket = ssl.wrap_socket(self.socket,ca_certs=self.ca_certs)
+					cert_policy = ssl.CERT_NONE if self.ca_certs is None else ssl.CERT_REQUIRED
+					self.socket = ssl.wrap_socket(self.socket,
+					        ca_certs=self.ca_certs, cert_reqs=cert_policy)
 				
 				self.socket.connect(self.address)
 				self.filesocket = self.socket.makefile('rb', 0)