From 92f859d8da5c3f35ab3738ef2725fff05b6cf57f Mon Sep 17 00:00:00 2001
From: Vincent Bernat
Date: Thu, 19 May 2016 16:19:34 +0200
Subject: Add CRL support to SSL support (#683)

A user can provide a CRL whose peer certificate will be checked against. This only works with Python 3.4+ and Python 2.7.9+.
---
 kafka/client_async.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'kafka/client_async.py')

diff --git a/kafka/client_async.py b/kafka/client_async.py
index 7719426..7079f01 100644
--- a/kafka/client_async.py
+++ b/kafka/client_async.py
@@ -59,6 +59,7 @@ class KafkaClient(object):
 'ssl_cafile': None,
 'ssl_certfile': None,
 'ssl_keyfile': None,
+ 'ssl_crlfile': None,
 }

 def __init__(self, **configs):
@@ -111,6 +112,11 @@ class KafkaClient(object):
 establish the certificate's authenticity. default: none.
 ssl_keyfile (str): optional filename containing the client private key.
 default: none.
+ ssl_crlfile (str): optional filename containing the CRL to check for
+ certificate expiration. By default, no CRL check is done. When
+ providing a file, only the leaf certificate will be checked against
+ this CRL. The CRL can only be checked with Python 3.4+ or 2.7.9+.
+ default: none.
 """
 self.config = copy.copy(self.DEFAULT_CONFIG)
 for key in self.config:
--
cgit v1.2.1
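Review bot: The new `ssl_crlfile` docstring in the second hunk says the CRL is used "to check for certificate expiration", but a CRL lists revoked certificates, and expiry is already covered by the normal validity-period check. The first line should read `ssl_crlfile (str): optional filename containing the CRL to check for certificate revocation.` The leaf-only caveat could also state its consequence for operators: a revoked intermediate CA would presumably still be accepted, and a CRL loaded from a static file is only as current as the last time that file was refreshed. The docstring does not say what happens when the option is set on a Python older than 3.4 / 2.7.9. That handling is outside this file, so it cannot be confirmed here, but if the check is silently skipped the option fails open and the docstring should say so. The `__init__` docstring begins above this hunk.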