Merge pull request #142 from hedin/feature/client-certificate-verification

Pass CA params to broker's SSL context
2018-07-12 13:09:53 +02:00 · 2018-07-12 13:09:53 +02:00 · bb96056847
commit bb96056847
--- a/hbmqtt/broker.py
+++ b/hbmqtt/broker.py
@ -250,7 +250,12 @@ class Broker:

                    if ssl_active:
                        try:
-                            sc = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+                            sc = ssl.create_default_context(
+                                ssl.Purpose.CLIENT_AUTH,
+                                cafile=listener.get('cafile'),
+                                capath=listener.get('capath'),
+                                cadata=listener.get('cadata')
+                            )
                            sc.load_cert_chain(listener['certfile'], listener['keyfile'])
                            sc.verify_mode = ssl.CERT_OPTIONAL
                        except KeyError as ke: