diff options
author | liris <liris.pp@gmail.com> | 2018-05-27 13:33:32 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-27 13:33:32 +0900 |
commit | bd6699855e8ad6ef9302768b4eed74880874165a (patch) | |
tree | d43e4f7ff79c5a337855e24dcbe74d2f4edc5d74 /websocket/_http.py | |
parent | 66336ba31c47f0a77d1ac1e620693d30cc5bbdd0 (diff) | |
parent | 1f07e19d0da7f1ba3e1939edcb99e41e7eb81f3b (diff) | |
download | websocket-client-bd6699855e8ad6ef9302768b4eed74880874165a.tar.gz |
Merge pull request #415 from minus7/master
Load system default certificates if none are given
Diffstat (limited to 'websocket/_http.py')
-rw-r--r-- | websocket/_http.py | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/websocket/_http.py b/websocket/_http.py index 2bb2aeb..6090432 100644 --- a/websocket/_http.py +++ b/websocket/_http.py @@ -141,7 +141,12 @@ def _wrap_sni_socket(sock, sslopt, hostname, check_hostname): context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_SSLv23)) if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE: - context.load_verify_locations(cafile=sslopt.get('ca_certs', None), capath=sslopt.get('ca_cert_path', None)) + cafile = sslopt.get('ca_certs', None) + capath = sslopt.get('ca_cert_path', None) + if cafile or capath: + context.load_verify_locations(cafile=cafile, capath=capath) + elif hasattr(context, 'load_default_certs'): + context.load_default_certs(ssl.Purpose.SERVER_AUTH) if sslopt.get('certfile', None): context.load_cert_chain( sslopt['certfile'], @@ -173,15 +178,13 @@ def _ssl_socket(sock, user_sslopt, hostname): sslopt = dict(cert_reqs=ssl.CERT_REQUIRED) sslopt.update(user_sslopt) - if os.environ.get('WEBSOCKET_CLIENT_CA_BUNDLE'): - certPath = os.environ.get('WEBSOCKET_CLIENT_CA_BUNDLE') - else: - certPath = os.path.join( - os.path.dirname(__file__), "cacert.pem") - if os.path.isfile(certPath) and user_sslopt.get('ca_certs', None) is None \ + certPath = os.environ.get('WEBSOCKET_CLIENT_CA_BUNDLE') + if certPath and os.path.isfile(certPath) \ + and user_sslopt.get('ca_certs', None) is None \ and user_sslopt.get('ca_cert', None) is None: sslopt['ca_certs'] = certPath - elif os.path.isdir(certPath) and user_sslopt.get('ca_cert_path', None) is None: + elif certPath and os.path.isdir(certPath) \ + and user_sslopt.get('ca_cert_path', None) is None: sslopt['ca_cert_path'] = certPath check_hostname = sslopt["cert_reqs"] != ssl.CERT_NONE and sslopt.pop( |