Improve error signalling for client certificates.

2026-04-28 20:24:59 +08:00 · 2013-01-20 22:36:54 +13:00
parent 00d20abdd4
commit 7248a22d5e
2 changed files with 15 additions and 3 deletions
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -177,11 +177,14 @@ class TCPClient:
            clientcert: Path to a file containing both client cert and private key.
        """
        context = SSL.Context(method)
-        if not options is None:
+        if options is not None:
            ctx.set_options(options)
        if clientcert:
-            context.use_privatekey_file(clientcert)
-            context.use_certificate_file(clientcert)
+            try:
+                context.use_privatekey_file(clientcert)
+                context.use_certificate_file(clientcert)
+            except SSL.Error, v:
+                raise NetLibError("SSL client certificate error: %s"%str(v))
        self.connection = SSL.Connection(context, self.connection)
        self.ssl_established = True
        if sni:
--- a/test/test_tcp.py
+++ b/test/test_tcp.py
@@ -189,6 +189,15 @@ class TestSSLClientCert(ServerTestBase):
        c.convert_to_ssl(clientcert=tutils.test_data.path("data/clientcert/client.pem"))
        assert c.rfile.readline().strip() == "1"

+    def test_clientcert_err(self):
+        c = tcp.TCPClient("127.0.0.1", self.port)
+        c.connect()
+        tutils.raises(
+            tcp.NetLibError,
+            c.convert_to_ssl,
+            clientcert=tutils.test_data.path("data/clientcert/make")
+        )
+

 class TestSNI(ServerTestBase):
    @classmethod