Bring back authentication through SASL EXTERNAL

(and only update the ssl context before it gets used)

slixmpp/plugins/xep_0257/client_cert_management.py

@@ -21,7 +21,7 @@ log = logging.getLogger(__name__)
 class XEP_0257(BasePlugin):
 
     name = 'xep_0257'
-    description = 'XEP-0258: Client Certificate Management for SASL EXTERNAL'
+    description = 'XEP-0257: Client Certificate Management for SASL EXTERNAL'
     dependencies = set(['xep_0030'])
     stanza = stanza
 

slixmpp/xmlstream/xmlstream.py

@@ -111,7 +111,7 @@ class XMLStream(object):
         #: The list of accepted ciphers, in OpenSSL Format.
         #: It might be useful to override it for improved security
         #: over the python defaults.
-        self._ciphers = None
+        self.ciphers = None
 
         #: Path to a file containing certificates for verifying the
         #: server SSL certificate. A non-``None`` value will trigger
@@ -472,6 +472,16 @@ class XMLStream(object):
         loop = asyncio.get_event_loop()
         self.event_when_connected = "tls_success"
 
+        self.ssl_context.set_ciphers(self.ciphers)
+        if self.keyfile and self.certfile:
+            try:
+                self.ssl_context.load_cert_chain(self.certfile, self.keyfile)
+            except (ssl.SSLError, OSError):
+                log.debug('Error loading the cert chain:', exc_info=True)
+            else:
+                log.debug('Loaded cert file %s and key file %s',
+                          self.certfile, self.keyfile)
+
         ssl_connect_routine = loop.create_connection(lambda: self, ssl=self.ssl_context,
                                                      sock=self.socket,
                                                      server_hostname=self.address[0])
@@ -911,12 +921,3 @@ class XMLStream(object):
         """
         pass
 
-    @property
-    def ciphers(self):
-        return self._ciphers
-
-    @ciphers.setter
-    def ciphers(self, value):
-        self.ssl_context.set_ciphers(value)
-        self._ciphers = value
-