From b5930ca958eefd45135840a789da08326e74ea87 Mon Sep 17 00:00:00 2001 From: mathieui Date: Thu, 11 Dec 2014 19:27:13 +0100 Subject: [PATCH] Bring back authentication through SASL EXTERNAL (and only update the ssl context before it gets used) --- .../xep_0257/client_cert_management.py | 2 +- slixmpp/xmlstream/xmlstream.py | 21 ++++++++++--------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/slixmpp/plugins/xep_0257/client_cert_management.py b/slixmpp/plugins/xep_0257/client_cert_management.py index d7ca50c9..729197e0 100644 --- a/slixmpp/plugins/xep_0257/client_cert_management.py +++ b/slixmpp/plugins/xep_0257/client_cert_management.py @@ -21,7 +21,7 @@ log = logging.getLogger(__name__) class XEP_0257(BasePlugin): name = 'xep_0257' - description = 'XEP-0258: Client Certificate Management for SASL EXTERNAL' + description = 'XEP-0257: Client Certificate Management for SASL EXTERNAL' dependencies = set(['xep_0030']) stanza = stanza diff --git a/slixmpp/xmlstream/xmlstream.py b/slixmpp/xmlstream/xmlstream.py index 1b69967c..c9261224 100644 --- a/slixmpp/xmlstream/xmlstream.py +++ b/slixmpp/xmlstream/xmlstream.py @@ -111,7 +111,7 @@ class XMLStream(object): #: The list of accepted ciphers, in OpenSSL Format. #: It might be useful to override it for improved security #: over the python defaults. - self._ciphers = None + self.ciphers = None #: Path to a file containing certificates for verifying the #: server SSL certificate. A non-``None`` value will trigger 
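Review bot: The `#:` comment above `self.ciphers = None` in xmlstream.py should say when the value takes effect, now that `ciphers` is a plain attribute rather than a property whose setter called `set_ciphers` on assignment. Going by the connect hunk later in this file, the string reaches `ssl_context` only when the TLS connection is being set up, so a malformed cipher string is no longer rejected at assignment, and a value changed after connecting is presumably not applied to the existing session. Suggested extra line: `#: Applied to the SSL context when the TLS connection is set up, not on assignment.` The constructor body starts and ends outside the hunk.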
@@ -472,6 +472,16 @@ class XMLStream(object): loop = asyncio.get_event_loop() self.event_when_connected = "tls_success" + self.ssl_context.set_ciphers(self.ciphers) + if self.keyfile and self.certfile: + try: + self.ssl_context.load_cert_chain(self.certfile, self.keyfile) + except (ssl.SSLError, OSError): + log.debug('Error loading the cert chain:', exc_info=True) + else: + log.debug('Loaded cert file %s and key file %s', + self.certfile, self.keyfile) + ssl_connect_routine = loop.create_connection(lambda: self, ssl=self.ssl_context, sock=self.socket, server_hostname=self.address[0]) @@ -911,12 +921,3 @@ class XMLStream(object): """ pass - @property - def ciphers(self): - return self._ciphers - - @ciphers.setter - def ciphers(self, value): - self.ssl_context.set_ciphers(value) - self._ciphers = value -
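Review bot: `self.ssl_context.set_ciphers(self.ciphers)` runs unconditionally, but the constructor hunk in this same file leaves `self.ciphers = None` and `SSLContext.set_ciphers()` requires a string, so a client that never sets a cipher list would hit a `TypeError` here before the TLS connection is attempted; guard the call with `if self.ciphers is not None:`. An unusable cipher string raises `ssl.SSLError` at the same spot, outside the `try` that covers `load_cert_chain`. Separately, a failed `load_cert_chain` is only logged with `log.debug` and the connection goes ahead without the client certificate, so a broken SASL EXTERNAL setup is easy to miss; `log.warning('Error loading the cert chain:', exc_info=True)` would surface it. The enclosing method starts and ends outside the hunk.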