Commit bcf292e5 authored by Jim Fulton's avatar Jim Fulton

allow client cert paths to be passed into client_ssl

Also added a comment with a reminder for how to create self-signed certs.

Useful for playing with ssl configurations.
parent d2095794
...@@ -345,7 +345,10 @@ server_config = """ ...@@ -345,7 +345,10 @@ server_config = """
</zeo> </zeo>
""".format(server_cert, server_key, client_cert) """.format(server_cert, server_key, client_cert)
def client_ssl(): def client_ssl(cafile=server_key,
client_cert=client_cert,
client_key=client_key,
):
context = ssl.create_default_context( context = ssl.create_default_context(
ssl.Purpose.CLIENT_AUTH, cafile=server_cert) ssl.Purpose.CLIENT_AUTH, cafile=server_cert)
...@@ -353,3 +356,7 @@ def client_ssl(): ...@@ -353,3 +356,7 @@ def client_ssl():
context.verify_mode = ssl.CERT_REQUIRED context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = False context.check_hostname = False
return context return context
# Here's a command to create a cert/key pair:
# openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem \
# -days 999999 -nodes -batch
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment