diff --git a/asyncpg/connect_utils.py b/asyncpg/connect_utils.py index 8d0bac2a..1fd5d802 100644 --- a/asyncpg/connect_utils.py +++ b/asyncpg/connect_utils.py @@ -222,7 +222,7 @@ def _parse_hostlist(hostlist, port, *, unquote=False): def _parse_connect_dsn_and_args(*, dsn, host, port, user, password, passfile, database, ssl, - sslcert, sslkey, sslrootcert, + sslcert, sslkey, sslrootcert, sslcrl, connect_timeout, server_settings): # `auth_hosts` is the version of host information for the purposes # of reading the pgpass file. @@ -326,6 +326,11 @@ def _parse_connect_dsn_and_args(*, dsn, host, port, user, if sslrootcert is None: sslrootcert = val + if 'sslcrl' in query: + val = query.pop('sslcrl') + if sslcrl is None: + sslcrl = val + if query: if server_settings is None: server_settings = query @@ -443,7 +448,6 @@ def _parse_connect_dsn_and_args(*, dsn, host, port, user, '`sslmode` parameter must be one of: {}'.format(modes)) # docs at https://www.postgresql.org/docs/10/static/libpq-connect.html - # Not implemented: sslcrl param. if sslmode < SSLMode.allow: ssl = False else: @@ -462,12 +466,18 @@ def _parse_connect_dsn_and_args(*, dsn, host, port, user, if sslrootcert is None: sslrootcert = os.getenv('PGSSLROOTCERT') + if sslcrl is None: + sslcrl = os.getenv('PGSSLCRL') + if sslcert: ssl.load_cert_chain(sslcert, keyfile=sslkey) if sslrootcert: ssl.load_verify_locations(cafile=sslrootcert) + if sslcrl: + ssl.load_verify_locations(cafile=sslcrl) + elif ssl is True: ssl = ssl_module.create_default_context() sslmode = SSLMode.verify_full @@ -495,7 +505,7 @@ def _parse_connect_arguments(*, dsn, host, port, user, password, passfile, statement_cache_size, max_cached_statement_lifetime, max_cacheable_statement_size, - ssl, sslcert, sslkey, sslrootcert, + ssl, sslcert, sslkey, sslrootcert, sslcrl, server_settings): local_vars = locals() 
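Review bot: In the `@@ -462,12 +466,18 @@` hunk of connect_utils.py, `ssl.load_verify_locations(cafile=sslcrl)` only places the CRL in the context's certificate store. Python's `SSLContext` does not consult CRLs unless `verify_flags` includes `VERIFY_CRL_CHECK_LEAF` or `VERIFY_CRL_CHECK_CHAIN`, and no visible line sets either. As written, a caller who passes `sslcrl` (or sets `PGSSLCRL`) would likely still accept a revoked server certificate while believing revocation is enforced. I would add `ssl.verify_flags |= ssl_module.VERIFY_CRL_CHECK_CHAIN` directly after the load, plus a test that expects the connection to fail against a revoked certificate. The body of `_parse_connect_dsn_and_args` continues outside the hunk, so confirm the flag is not already set elsewhere.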
@@ -525,7 +535,7 @@ def _parse_connect_arguments(*, dsn, host, port, user, password, passfile, dsn=dsn, host=host, port=port, user=user, password=password, passfile=passfile, ssl=ssl, sslcert=sslcert, sslkey=sslkey, sslrootcert=sslrootcert, - database=database, connect_timeout=timeout, + sslcrl=sslcrl, database=database, connect_timeout=timeout, server_settings=server_settings) config = _ClientConfiguration( diff --git a/asyncpg/connection.py b/asyncpg/connection.py index b4a2165b..b5647480 100644 --- a/asyncpg/connection.py +++ b/asyncpg/connection.py @@ -1758,6 +1758,7 @@ async def connect(dsn=None, *, sslcert=None, sslkey=None, sslrootcert=None, + sslcrl=None, connection_class=Connection, record_class=protocol.Record, server_settings=None): @@ -1912,6 +1913,10 @@ async def connect(dsn=None, *, This parameter specifies the name of a file containing SSL certificate authority (CA) certificate(s). + :param sslcrl + This parameter specifies the file name of the SSL certificate + revocation list (CRL). + :param dict server_settings: An optional dict of server runtime parameters. Refer to PostgreSQL documentation for @@ -2007,6 +2012,7 @@ async def connect(dsn=None, *, sslcert=sslcert, sslkey=sslkey, sslrootcert=sslrootcert, + sslcrl=sslcrl, database=database, server_settings=server_settings, command_timeout=command_timeout,
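Review bot: In the `@@ -1912,6 +1913,10 @@` hunk of connection.py, the new field is written `:param sslcrl` without the closing colon that `:param dict server_settings:` carries just below it. Sphinx will probably not render it as a parameter field, so it should read `:param sslcrl:`. The description could also state what the connect_utils.py hunks show: when the argument is `None`, the value is taken from the `sslcrl` DSN query parameter or the `PGSSLCRL` environment variable. It appears the file is only loaded on the path where asyncpg builds the SSL context from an `sslmode` string, not when the caller supplies their own context; that is worth saying if confirmed. The `connect` docstring starts and ends outside the hunk.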