fritzy / SleekXMPP

Python 2.6+/3.1+ XMPP Library
http://groups.google.com/group/sleekxmpp-discussion

2way-ssl and server hostname #499

Open kelvinkwong opened 5 years ago

kelvinkwong commented 5 years ago

Client Certificate

Client Certificate is not configured in XMLStream._create_secure_socket() for Python > 3.4

Please change line 473: `ctx.load_verify_locations(cafile=self.ca_certs)` to:

```python
if self.ca_certs:
    ctx.load_verify_locations(cafile=self.ca_certs)
if self.certfile and self.keyfile:
    ctx.load_cert_chain(self.certfile, self.keyfile)
```

So it checks that the certificates are not None before committing them to the connection.

Server Hostname

Also, Server hostname is required on my instance in XMLStream._create_secure_socket(). Not sure if everybody needs it. On line 523:

```python
return ctx.wrap_socket(self.socket, do_handshake_on_connect=False)
```

To:

```python
return ctx.wrap_socket(self.socket, do_handshake_on_connect=False, server_hostname=self._expected_server_name)
```
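The two changes requested above, as an added stand-alone example built on the standard `ssl` module (not SleekXMPP's code and not written by the issue author). The function names and the host `xmpp.example.org` are hypothetical; it goes slightly beyond the issue by rejecting a key supplied without a certificate and by accepting a certificate file that also contains the key.

```python
import socket
import ssl


def build_client_context(ca_certs=None, certfile=None, keyfile=None):
    """Return a client-side SSLContext with optional custom CA and client cert."""
    if keyfile and not certfile:
        # A key without a certificate would otherwise be silently ignored and
        # the client would connect without presenting any identity.
        raise ValueError("keyfile given without certfile")

    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and check_hostname by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    if ca_certs:
        # load_verify_locations() raises TypeError when every argument is
        # None, hence the guard.
        ctx.load_verify_locations(cafile=ca_certs)
    else:
        ctx.load_default_certs()  # fall back to the system trust store

    if certfile:
        # keyfile may be None when the private key is stored in certfile.
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def wrap_client_socket(ctx, sock, expected_server_name):
    """Wrap sock; server_hostname drives both SNI and hostname verification."""
    return ctx.wrap_socket(sock, do_handshake_on_connect=False,
                           server_hostname=expected_server_name)


def demo():
    """Offline check on unconnected sockets; no handshake is performed."""
    ctx = build_client_context()
    with socket.socket() as plain:
        try:
            wrap_client_socket(ctx, plain, None)
            missing_name = "accepted"
        except ValueError as exc:  # "check_hostname requires server_hostname"
            missing_name = str(exc)
    tls = wrap_client_socket(ctx, socket.socket(), "xmpp.example.org")
    try:
        return missing_name, tls.server_hostname
    finally:
        tls.close()


if __name__ == "__main__":
    print(demo())
```

When `check_hostname` is enabled on the context, omitting `server_hostname` fails at wrap time rather than at handshake time, which is why the second change matters for any context that verifies the peer name.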

kelvinkwong commented 5 years ago

wrt Branch == develop

Neustradamus commented 5 years ago

@kelvinkwong: Better to create a PR, no?

kelvinkwong commented 5 years ago

@Neustradamus what's a PR? Sorry, new to the terms

Neustradamus commented 5 years ago

@kelvinkwong: https://github.com/fritzy/SleekXMPP/pulls :)