support specifying tls client keypair

4 months ago · 9a2f2156fe
parent 0435404ec3
commit 9a2f2156fe
3 changed files with 8 additions and 1 deletions
--- a/ircrobots/init.py
+++ b/ircrobots/init.py
@ -3,3 +3,4 @@ from .server import Server
 from .params import (ConnectionParams, SASLUserPass, SASLExternal, SASLSCRAM,
    STSPolicy, ResumePolicy)
 from .ircv3  import Capability
+from .security import TLS
--- a/ircrobots/security.py
+++ b/ircrobots/security.py
@ -1,7 +1,10 @@
 import ssl
+from dataclasses import dataclass
+from typing import Optional, Tuple

+@dataclass
 class TLS:
-    pass
+    client_keypair: Optional[Tuple[str, str]] = None

 # tls without verification
 class TLSNoVerify(TLS):
--- a/ircrobots/transport.py
+++ b/ircrobots/transport.py
@ -43,6 +43,9 @@ class TCPTransport(ITCPTransport):
        cur_ssl: Optional[SSLContext] = None
        if tls is not None:
            cur_ssl = tls_context(not isinstance(tls, TLSNoVerify))
+            if tls.client_keypair is not None:
+                (client_cert, client_key) = tls.client_keypair
+                cur_ssl.load_cert_chain(client_cert, keyfile=client_key)

        local_addr: Optional[Tuple[str, int]] = None
        if not bindhost is None: