Load a private key and the corresponding certificate. The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate's authenticity. The keyfile string, if pre
(
self,
certfile: Union[str, bytes],
keyfile: Union[str, bytes, None] = None,
password: Optional[str] = None,
)
| 285 | options = property(__get_options, __set_options) |
| 286 | |
| 287 | def load_cert_chain( |
| 288 | self, |
| 289 | certfile: Union[str, bytes], |
| 290 | keyfile: Union[str, bytes, None] = None, |
| 291 | password: Optional[str] = None, |
| 292 | ) -> None: |
| 293 | """Load a private key and the corresponding certificate. The certfile |
| 294 | string must be the path to a single file in PEM format containing the |
| 295 | certificate as well as any number of CA certificates needed to |
| 296 | establish the certificate's authenticity. The keyfile string, if |
| 297 | present, must point to a file containing the private key. Otherwise |
| 298 | the private key will be taken from certfile as well. |
| 299 | """ |
| 300 | # Match CPython behavior |
| 301 | # https://github.com/python/cpython/blob/v3.8.0/Modules/_ssl.c#L3930-L3971 |
| 302 | # Password callback MUST be set first or it will be ignored. |
| 303 | if password: |
| 304 | |
| 305 | def _pwcb(_max_length: int, _prompt_twice: bool, _user_data: Optional[bytes]) -> bytes: |
| 306 | # XXX:We could check the password length against what OpenSSL |
| 307 | # tells us is the max, but we can't raise an exception, so... |
| 308 | # warn? |
| 309 | assert password is not None |
| 310 | return password.encode("utf-8") |
| 311 | |
| 312 | self._ctx.set_passwd_cb(_pwcb) |
| 313 | self._ctx.use_certificate_chain_file(certfile) |
| 314 | self._ctx.use_privatekey_file(keyfile or certfile) |
| 315 | self._ctx.check_privatekey() |
| 316 | |
| 317 | def load_verify_locations( |
| 318 | self, cafile: Optional[str] = None, capath: Optional[str] = None |
no outgoing calls