Browse code
allow skip key file config option for embedded keys case
Aleksandr Chazov authored on 2020/04/20 21:13:50Showing 1 changed files
| ... | ... |
@@ -82,18 +82,14 @@ class http_connection(object): |
| 82 | 82 |
cafile = cfg.ca_certs_file |
| 83 | 83 |
if cafile == "": |
| 84 | 84 |
cafile = None |
| 85 |
- certfile = cfg.ssl_client_cert_file |
|
| 86 |
- if certfile == "": |
|
| 87 |
- certfile = None |
|
| 88 |
- keyfile = cfg.ssl_client_key_file |
|
| 89 |
- if keyfile == "": |
|
| 90 |
- keyfile = None |
|
| 85 |
+ certfile = cfg.ssl_client_cert_file or None |
|
| 86 |
+ keyfile = cfg.ssl_client_key_file or None # the key may be embedded into cert file |
|
| 91 | 87 |
|
| 92 | 88 |
debug(u"Using ca_certs_file %s", cafile) |
| 93 | 89 |
debug(u"Using ssl_client_cert_file %s", certfile) |
| 94 | 90 |
debug(u"Using ssl_client_key_file %s", keyfile) |
| 95 | 91 |
|
| 96 |
- if keyfile is not None and certfile is not None: |
|
| 92 |
+ if certfile is not None: |
|
| 97 | 93 |
context = http_connection._ssl_client_auth_context(certfile, keyfile, cfg.check_ssl_certificate, cafile) |
| 98 | 94 |
elif cfg.check_ssl_certificate: |
| 99 | 95 |
context = http_connection._ssl_verified_context(cafile) |