Merge pull request #1 from tonyliu-minted/allow-ssl-params

Allow ssl params to be passed

client.py

@@ -22,6 +22,7 @@
 """
 
 import socket
+import ssl
 import debug
 Debug=debug
 Debug.DEBUGGING_IS_ON=1
@@ -90,12 +91,17 @@ def DEBUG(self,text,severity='info'):
 import transports,dispatcher,auth,roster
 class CommonClient:
     """ Base for Client and Component classes."""
-    def __init__(self,server,port=5222,debug=['always', 'nodebuilder']):
+    def __init__(self,server,port=5222,debug=['always', 'nodebuilder'],
+        cert_reqs=ssl.CERT_NONE, ca_certs=None):
         """ Caches server name and (optionally) port to connect to. "debug" parameter specifies
             the debug IDs that will go into debug output. You can either specifiy an "include"
             or "exclude" list. The latter is done via adding "always" pseudo-ID to the list.
             Full list: ['nodebuilder', 'dispatcher', 'gen_auth', 'SASL_auth', 'bind', 'socket',
-             'CONNECTproxy', 'TLS', 'roster', 'browser', 'ibb'] . """
+             'CONNECTproxy', 'TLS', 'roster', 'browser', 'ibb'] .
+
+            cert_reqs, ca_certs, please see
+            https://docs.python.org/2/library/ssl.html#ssl.wrap_socket
+        """
         if self.__class__.__name__=='Client': self.Namespace,self.DBG='jabber:client',DBG_CLIENT
         elif self.__class__.__name__=='Component': self.Namespace,self.DBG=dispatcher.NS_COMPONENT_ACCEPT,DBG_COMPONENT
         self.defaultNamespace=self.Namespace

setup.py

@@ -10,7 +10,7 @@
 
 # Set proper release version in source code also!!!
 setup(name='xmpppy',
-      version='0.5.2',
+      version='0.5.2.1',
       author='Cyril Peponnet',
       author_email='cyril@peponnet.fr',
       url='https://github.com/ArchipelProject/xmpppy',

transports.py

@@ -334,7 +334,8 @@ def PlugIn(self,owner,now=0):
         if owner.__dict__.has_key('TLS'): return  # Already enabled.
         PlugIn.PlugIn(self,owner)
         DBG_LINE='TLS'
-        if now: return self._startSSL()
+        if now: return self._startSSL(cert_reqs=owner.cert_reqs,
+            ca_certs=owner.ca_certs)
         if self._owner.Dispatcher.Stream.features:
             try: self.FeaturesHandler(self._owner.Dispatcher,self._owner.Dispatcher.Stream.features)
             except NodeProcessed: pass
@@ -364,11 +365,12 @@ def pending_data(self,timeout=0):
         """ Returns true if there possible is a data ready to be read. """
         return self._tcpsock._seen_data or select.select([self._tcpsock._sock],[],[],timeout)[0]
 
-    def _startSSL(self):
+    def _startSSL(self, cert_reqs=ssl.CERT_NONE, ca_certs=None):
         """ Immidiatedly switch socket to TLS mode. Used internally."""
         """ Here we should switch pending_data to hint mode."""
         tcpsock=self._owner.Connection
-        tcpsock._sslObj = ssl.wrap_socket(tcpsock._sock, None, None)
+        tcpsock._sslObj = ssl.wrap_socket(
+            tcpsock._sock, cert_reqs=cert_reqs, ca_certs=ca_certs)
         tcpsock._sslIssuer = tcpsock._sslObj.getpeercert().get('issuer')
         tcpsock._sslServer = tcpsock._sslObj.getpeercert().get('server')
         tcpsock._recv = tcpsock._sslObj.read
@@ -390,6 +392,7 @@ def StartTLSHandler(self, conn, starttls):
             self.DEBUG("Got starttls response: "+self.starttls,'error')
             return
         self.DEBUG("Got starttls proceed response. Switching to TLS/SSL...",'ok')
-        self._startSSL()
+        self._startSSL(cert_reqs=self._owner.cert_reqs,
+            ca_certs=self._owner.ca_certs)
         self._owner.Dispatcher.PlugOut()
         dispatcher.Dispatcher().PlugIn(self._owner)